Vulnerabilities > CVE-2021-45394 - Deserialization of Untrusted Data vulnerability in Html2Pdf Project Html2Pdf

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
html2pdf-project
CWE-502
NVD
Published: 2022-01-18
Updated: 2022-07-12

Summary

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.

Vulnerable Configurations

Part Description Count
Application
Html2Pdf_Project
12

Common Weakness Enumeration (CWE)

References