Veracode Vulnerability Database: VERACODE:39085
Feb 02, 2023 - 7:50 a.m.

Remote Code Execution (RCE)

2023-02-02 07:50:49
sca.analysiscenter.veracode.com
dompdf
vulnerability
remote code execution

EPSS: 0.01
Percentile: 84.0%

dompdf/dompdf is vulnerable to Remote Code Execution (RCE). The vulnerability is due to a URI validation bypass through the phar URL wrapper: passing `` tags with uppercase letters allows an attacker to unserialize arbitrary objects, possibly leading to RCE.

CPENameOperatorVersion
dompdf/dompdflev2.0.1