Lucene search
Veracode Vulnerability DatabaseVERACODE:39666HistoryMar 11, 2023 - 10:33 p.m.
Deserialization Of Untrusted Data
2023-03-1122:33:25
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
php-dompdf is vulnerable to Deserialization of Untrusted Data. The library is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. If an attacker can upload files of any type to the server, they can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution when DOMPdf is used with frameworks with documented POP chains.
Related
huntr
huntr
in dompdf/dompdf
2021-09-20 16:08:51
ubuntucve
ubuntucve
CVE-2021-3838
2023-02-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package tor version 0.4.7.8-alt1
2022-06-20 00:00:00
debiancve
debiancve
CVE-2021-3838
2022-06-21 03:04:12
cve
cve
CVE-2021-3838
2022-06-21 03:04:12
osv
osv
php-dompdf - regression update
2023-08-10 00:00:00
php-dompdf - security update
2023-07-13 00:00:00
php-dompdf vulnerabilities
2023-08-08 14:10:26
debian
debian
[SECURITY] [DLA 3495-1] php-dompdf security update
2023-07-13 21:16:41
[SECURITY] [DLA 3495-2] php-dompdf regression update
2023-08-11 09:02:38
openvas
openvas
Debian: Security Advisory (DLA-3495-1)
2023-07-14 00:00:00
Ubuntu: Security Advisory (USN-6277-1)
2023-08-09 00:00:00
Ubuntu: Security Advisory (USN-6277-2)
2023-08-11 00:00:00
nessus
nessus
Debian DLA-3495-1 : php-dompdf - LTS security update
2023-07-14 00:00:00
Ubuntu 22.04 LTS : Dompdf vulnerabilities (USN-6277-2)
2023-08-10 00:00:00
ubuntu
ubuntu
Dompdf vulnerabilities
2023-08-10 00:00:00
Dompdf vulnerabilities
2023-08-08 00:00:00
Related for VERACODE:39666