Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3 matches found

F5 Networks
F5 Networksadded 2023/02/27 7:43 p.m.27 views

K000132775: DOMPDF vulnerabilities CVE-2023-23924 and CVE-2023-24813

Security Advisory Description CVE-2023-23924 Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing tags with uppercase letters. This may lead to arbitrary object unserialize on PHP 8, through the phar URL wrapper. An attacker can exploit...

10CVSS9.2AI score0.51462EPSS
Exploits3
Prion
Prionadded 2023/02/07 7:15 p.m.10 views

Design/Logic Flaw

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...

7.5CVSS9.7AI score0.09321EPSS
Exploits2References2Affected Software1
Cvelist
Cvelistadded 2023/02/07 6:5 p.m.18 views

CVE-2023-24813 URI validation failure on SVG parsing. Bypass of CVE-2023-23924

Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of image tags and respects xlink:href even if href is specified. However...

10CVSS9.8AI score0.09321EPSS
Exploits2References2
Rows per page
Query Builder