CVE-2021-3902
CVE-2021-3902 describes an XXE flaw in dompdf/dompdf's SVG parser (improper restriction of external entities) that enables SSRF and PHAR deserialization attacks. Affected: dompdf/dompdf prior to version 2.0.0. Exploitation possible even when isRemoteEnabled is false. Consequences include SSRF, di...