Vulnerabilities > Dompdf Project > Dompdf > 0.8.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-15 | CVE-2021-3838 | Unspecified vulnerability in Dompdf Project Dompdf DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. | 9.8 |
| 2024-11-15 | CVE-2021-3902 | Unspecified vulnerability in Dompdf Project Dompdf An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. | 9.8 |
| 2023-12-13 | CVE-2023-50262 | Unspecified vulnerability in Dompdf Project Dompdf Dompdf is an HTML to PDF converter for PHP. | 7.5 |
| 2022-09-25 | CVE-2022-41343 | Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 7.5 |
| 2022-07-18 | CVE-2022-2400 | Unspecified vulnerability in Dompdf Project Dompdf External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | 5.3 |
| 2022-06-28 | CVE-2022-0085 | Unspecified vulnerability in Dompdf Project Dompdf Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | 5.3 |
| 2022-04-03 | CVE-2022-28368 | Cross-site Scripting vulnerability in Dompdf Project Dompdf Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | 9.8 |