Vulnerabilities > Dompdf Project > Dompdf > 1.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-13 | CVE-2023-50262 | Uncontrolled Recursion vulnerability in Dompdf Project Dompdf Dompdf is an HTML to PDF converter for PHP. | 7.5 |
2022-09-25 | CVE-2022-41343 | Files or Directories Accessible to External Parties vulnerability in Dompdf Project Dompdf registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. | 7.5 |
2022-07-18 | CVE-2022-2400 | External Control of File Name or Path vulnerability in Dompdf Project Dompdf External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | 5.3 |
2022-06-28 | CVE-2022-0085 | Server-Side Request Forgery (SSRF) vulnerability in Dompdf Project Dompdf Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | 4.3 |
2022-04-03 | CVE-2022-28368 | Cross-site Scripting vulnerability in Dompdf Project Dompdf Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file). | 9.8 |