Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Gotenberg has a ReDoS via extraHttpHeaders scope feature
Vulnerability Description
Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
Gotenberg 安全漏洞
Vulnerability Description
Gotenberg是Gotenberg开源的一个开发人员友好的 API。用于将多种文档格式转换为 PDF 文件。 Gotenberg 8.29.1及之前版本存在安全漏洞,该漏洞源于使用dlclark/regexp2编译用户提供的范围模式时未设置适当的超时,可能导致访问相关功能的用户无限期挂起工作进程。
CVSS Information
N/A
Vulnerability Type
N/A