5 matches found
CVE-2021-3902
An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...
CVE-2021-3902
creationtimestamp| type| source ---|---|--- 2024-11-15 11:09:17+00:00| seen| https://infosec.exchange/users/cve/statuses/113486656738593782 2024-11-15 13:15:44+00:00| seen| https://t.me/cvedetector/11068 2026-06-21 16:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mossliadl72t...
CVE-2021-3902
CVE-2021-3902 describes an XXE flaw in dompdf/dompdf's SVG parser (improper restriction of external entities) that enables SSRF and PHAR deserialization attacks. Affected: dompdf/dompdf prior to version 2.0.0. Exploitation possible even when isRemoteEnabled is false. Consequences include SSRF, di...
CVE-2021-3902 Improper Restriction of XML External Entity Reference in dompdf/dompdf
An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...
CVE-2021-3902
An improper restriction of external entities XXE vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery SSRF and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to...