Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:29 p.m.8 views

CVE-2021-3902

An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...

9.8CVSS6.8AI score0.00924EPSS
Exploits1
Circl
Circl
added 2024/11/15 11:9 a.m.8 views

CVE-2021-3902

creationtimestamp| type| source ---|---|--- 2024-11-15 11:09:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113486656738593782 2024-11-15 13:15:44+00:00| seen| https://t.me/cvedetector/11068 2026-06-21 16:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mossliadl72t...

9.8CVSS7.3AI score0.00924EPSS
Exploits1References4
CVE
CVE
added 2024/11/15 10:52 a.m.74 views

CVE-2021-3902

CVE-2021-3902 describes an XXE flaw in dompdf/dompdf's SVG parser (improper restriction of external entities) that enables SSRF and PHAR deserialization attacks. Affected: dompdf/dompdf prior to version 2.0.0. Exploitation possible even when isRemoteEnabled is false. Consequences include SSRF, di...

9.8CVSS9.5AI score0.00924EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/15 10:52 a.m.13 views

CVE-2021-3902 Improper Restriction of XML External Entity Reference in dompdf/dompdf

An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...

9.8CVSS7.2AI score0.00924EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2024/11/15 10:52 a.m.20 views

CVE-2021-3902

An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...

9.8CVSS8.6AI score0.00924EPSS
Exploits1
Rows per page
Query Builder