Vulnerabilities > Dompdf Project

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2021-3838 Unspecified vulnerability in Dompdf Project Dompdf
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function.
network
low complexity
dompdf-project
critical
9.8
2024-11-15 CVE-2021-3902 Unspecified vulnerability in Dompdf Project Dompdf
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks.
network
low complexity
dompdf-project
critical
9.8
2023-12-13 CVE-2023-50262 Unspecified vulnerability in Dompdf Project Dompdf
Dompdf is an HTML to PDF converter for PHP.
network
low complexity
dompdf-project
7.5
2023-02-07 CVE-2023-24813 Unspecified vulnerability in Dompdf Project Dompdf 2.0.2
Dompdf is an HTML to PDF converter written in php.
network
low complexity
dompdf-project
critical
9.8
2023-02-01 CVE-2023-23924 Incorrect Authorization vulnerability in Dompdf Project Dompdf 2.0.1
Dompdf is an HTML to PDF converter.
network
low complexity
dompdf-project CWE-863
critical
9.8
2022-09-25 CVE-2022-41343 Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
network
low complexity
dompdf-project CWE-552
7.5
2022-07-18 CVE-2022-2400 Unspecified vulnerability in Dompdf Project Dompdf
External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.
network
low complexity
dompdf-project
5.3
2022-06-28 CVE-2022-0085 Unspecified vulnerability in Dompdf Project Dompdf
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
network
low complexity
dompdf-project
5.3
2022-04-03 CVE-2022-28368 Cross-site Scripting vulnerability in Dompdf Project Dompdf
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
network
low complexity
dompdf-project CWE-79
critical
9.8
2020-01-10 CVE-2014-5013 Unspecified vulnerability in Dompdf Project Dompdf 0.5.2/0.6.0/0.6.1
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
network
low complexity
dompdf-project
8.8