PT-2024-28957 · Gotenberg · Gotenberg

Published 2024-07-17 · Updated 2024-07-17 · CVE-2024-40639

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Gotenberg versions prior to 8.1.0

Description

The issue affects Gotenberg, a tool that provides an API for converting document formats into PDF files. Prior to version 8.1.0, the default value for the flag --chromium-deny-list allowed the display of some internal files from the Gotenberg container. This was due to the use of the standard regexp Go library, which does not support negative lookahead. The estimated number of potentially affected devices worldwide is not available. There are no known real-world incidents where this issue was exploited.

Recommendations

For Gotenberg versions prior to 8.1.0, upgrade to version 8.1.0 or later to resolve the issue. As a temporary workaround, consider using alternative configurations with either or both --chromium-deny-list and --chromium-allow-list flags to restrict access to internal files.
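The root cause named in the description, shown as an added Go example (not Gotenberg's code and not part of the original advisory): the standard regexp package rejects a negative-lookahead pattern, a character-class stand-in under-blocks, and two positive patterns express the intended rule. The patterns, the /tmp/ directory and the sample URLs are assumptions constructed for illustration; the advisory does not quote the shipped default value.

```go
package main

import (
	"fmt"
	"regexp"
)

// Patterns constructed for this example (assumptions, not values from the advisory).
const (
	lookaheadPattern = `^file:(?!///tmp/).*` // intent: deny file: URLs outside /tmp/
	charClassPattern = `^file:///[^tmp].*`   // lookahead-free stand-in for the same intent
)

var (
	charClass = regexp.MustCompile(charClassPattern)
	anyFile   = regexp.MustCompile(`^file:`)
	tmpFile   = regexp.MustCompile(`^file:///tmp/`)
)

// lookaheadCompiles reports whether Go's regexp package accepts the
// negative-lookahead pattern. RE2 syntax has no lookaround, so it does not.
func lookaheadCompiles() bool {
	_, err := regexp.Compile(lookaheadPattern)
	return err == nil
}

// deniedByCharClass applies the stand-in. [^tmp] excludes the single
// characters t, m and p, not the directory name "tmp".
func deniedByCharClass(u string) bool { return charClass.MatchString(u) }

// deniedByTwoPatterns expresses "file: URL that is not under /tmp/" with
// two positive matches, which the standard library supports.
func deniedByTwoPatterns(u string) bool {
	return anyFile.MatchString(u) && !tmpFile.MatchString(u)
}

func main() {
	fmt.Println("lookahead compiles:", lookaheadCompiles())
	for _, u := range []string{ // constructed sample URLs
		"file:///tmp/work/index.html",
		"file:///etc/hostname",
		"file:///mnt/private/notes.txt",
		"https://example.com/",
	} {
		fmt.Printf("%-32s charClass=%v twoPatterns=%v\n",
			u, deniedByCharClass(u), deniedByTwoPatterns(u))
	}
}
```

The prefix check is purely string-based, so normalise a URL before matching so that `..` segments cannot step out of the allowed directory.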

Related Identifiers

CVE-2024-40639

Affected Products

Gotenberg