3 matches found
[SECURITY] [DSA 5399-1] odoo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5399-1 [email protected] https://www.debian.org/security/ Sebastien Delafond May 05, 2023 https://www.debian.org/security/faq -...
@fb24m/etc (>=1.0.0 <=1.2.0-1), pdf-exports (=1.0.0) +1 more potentially affected by CVE-2022-21165 via font-converter (=1.1.1)
font-converter NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on font-converter and may be impacted: - @fb24m/etc =1.0.0, =1.2.0-1 - pdf-exports =1.0.0 - pdf-img-exports =1.0.0 Source cves: CVE-2022-21165 Source advisory:...
in bookstackapp/bookstack
Description The dompdf chroot option in Bookstack App is set to basepath, which is the Laravel root folder /var/www/bookstack. An attacker can hence load any image file in the Laravel folder /var/www/bookstack or its subdirectories via PDF exports. Proof of Concept 1: Place an image file in...