Vulnerabilities > Dompdf Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-11-15 | CVE-2021-3838 | Deserialization of Untrusted Data vulnerability in Dompdf Project Dompdf. DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. | 9.8 |
2024-11-15 | CVE-2021-3902 | XXE vulnerability in Dompdf Project Dompdf. An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. | 9.8 |
2023-12-13 | CVE-2023-50262 | Uncontrolled Recursion vulnerability in Dompdf Project Dompdf. Dompdf is an HTML to PDF converter for PHP. | 7.5 |
2023-02-07 | CVE-2023-24813 | Interpretation Conflict vulnerability in Dompdf Project Dompdf 2.0.2. Dompdf is an HTML to PDF converter written in PHP. | 9.8 |
2023-02-01 | CVE-2023-23924 | Incorrect Authorization vulnerability in Dompdf Project Dompdf 2.0.1. Dompdf is an HTML to PDF converter. | 9.8 |
2022-09-25 | CVE-2022-41343 | Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf. registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 7.5 |
2022-07-18 | CVE-2022-2400 | External Control of File Name or Path vulnerability in Dompdf Project Dompdf. External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | 5.3 |
2022-06-28 | CVE-2022-0085 | Server-Side Request Forgery (SSRF) vulnerability in Dompdf Project Dompdf. Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | 4.3 |
2022-04-03 | CVE-2022-28368 | Cross-site Scripting vulnerability in Dompdf Project Dompdf. Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | 9.8 |
2020-01-10 | CVE-2014-5013 | Unspecified vulnerability in Dompdf Project Dompdf 0.5.2/0.6.0/0.6.1. DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383. | 6.8 |