Lucene search

K
cve[email protected]CVE-2023-23924
HistoryFeb 01, 2023 - 12:15 a.m.

CVE-2023-23924

2023-02-0100:15:10
CWE-863
CWE-551
web.nvd.nist.gov
48
dompdf
2.0.1
cve-2023-23924
html to pdf converter
uri validation
svg parsing
arbitrary unserialize
remote code execution
php < 8.

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

AI Score

9.3

Confidence

High

EPSS

0.01

Percentile

84.0%

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing &lt;image&gt; tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the phar URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.

Affected configurations

Vulners
NVD
Node
dompdfdompdfRange<2.0.2
VendorProductVersionCPE
dompdfdompdf*cpe:2.3:a:dompdf:dompdf:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "dompdf",
    "product": "dompdf",
    "versions": [
      {
        "version": "< 2.0.2",
        "status": "affected"
      }
    ]
  }
]

CVSS3

10

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:H

AI Score

9.3

Confidence

High

EPSS

0.01

Percentile

84.0%