324 matches found
CVE-2022-41343
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...
Remote file inclusion
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...
DRUPAL-CONTRIB-2022-050
This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes...
PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050
This module enables you to generate PDF versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes...
Information Disclosure
dompdf/dompdf is vulnerable to information disclosure. The vulnerability exists because the resource URI validations are not properly handled which allows an attacker to bypass chroot checks and gain access to image files in the system...
Dompdf before v2.0.0 vulnerable to chroot check bypass
Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files...
GHSA-5QJ8-6XXJ-HP9H Dompdf before v2.0.0 vulnerable to chroot check bypass
Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files...
CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
DEBIAN-CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
UBUNTU-CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
Dompdf security vulnerability
Dompdf is an HTML to PDF converter. A security vulnerability exists in Dompdf versions prior to 2.0.0, which originates from an externally controlled filename or path...
CVE-2022-2400
CVE-2022-2400 affects php-dompdf prior to 2.0.0, with Debian/Ubuntu advisories (DLA-4427-1, USN-6277-1/2) documenting a vulnerability where external control of the file name/path could bypass access checks. Debian 11 fix: upgrade to 0.6.2+dfsg-3.1+deb11u1; Ubuntu advisories reference correspondin...
CVE-2022-2400 External Control of File Name or Path in dompdf/dompdf
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
PT-2022-16401
Name of the Vulnerable Software and Affected Versions: dompdf versions prior to 2.0.0. Description: The issue concerns a chroot check bypass that could lead to the disclosure of png and jpeg files. It allows for external control of file name or path in the GitHub repository dompdf/dompdf...
CVE-2022-2400 External Control of File Name or Path in dompdf/dompdf
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
CVE-2022-2400
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0...
DRUPAL-CONTRIB-2022-048
This module enables you to generate print versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf Note on 3rd party vulnerabilities This security advisory corresponds to a 3rd party...
Entity Print - Moderately critical - Multiple: Remote Code Execution, Information disclosure - SA-CONTRIB-2022-048
This module enables you to generate print versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency. Security vulnerabilities exist for versions of dompdf/dompdf 2.0.0 See the library release notes for more detail:...
Server-Side Request Forgery in dompdf/dompdf
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0...