CVE-2023-23924

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-23924
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23924.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-23924
Aliases
Published
2023-02-01T00:15:10Z
Modified
2024-05-23T01:26:36.305766Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details

Dompdf is an HTML to PDF converter. In dompdf 2.0.1 the URI validation applied to <image> elements during SVG parsing compares the element name case-sensitively, so an image tag written with uppercase letters (for example <IMAGE>) is skipped by the check while the SVG is still rendered. An attacker who can supply an SVG file to dompdf can therefore make it fetch an arbitrary URL through an arbitrary stream wrapper. On PHP versions before 8.0.0 the phar:// wrapper unserializes the archive's metadata as soon as the file is accessed, so the bypass leads to unserialization of attacker-controlled objects; at the very least this allows arbitrary file deletion, and, depending on the classes available in the application, remote code execution. On PHP 8.0 and later the phar wrapper no longer unserializes metadata automatically, which removes the deserialization path but not the arbitrary URL fetch. The affected versions listed on this page end at v2.0.1 and no fixed commit is recorded here.
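The check and its bypass, as an added illustration that is not dompdf's own code: a simplified SVG image-href filter modelled on the behaviour the advisory describes, run over a constructed SVG whose image element is uppercase and whose href targets the phar:// wrapper (the archive path is a placeholder, not a real payload). The caseSensitive flag reproduces the flawed comparison; the hardened branch lowercases the element name before comparing and also lowercases the URL scheme before checking it against the allow-list. Function and constant names are chosen for this example only.

```php
<?php
// Added illustration (not dompdf's own code): a case-sensitive tag-name check
// on SVG <image> elements lets an uppercase <IMAGE> with a phar:// href through.

// Constructed sample of an attacker-supplied SVG. The element name is uppercase
// and the href uses the phar:// stream wrapper (placeholder path).
const ATTACKER_SVG = <<<'SVG'
<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <IMAGE xlink:href="phar:///tmp/payload.phar/x.png" width="10" height="10"/>
</svg>
SVG;

/**
 * Walk every element of an SVG and reject any image element whose href uses a
 * scheme outside $allowed. $caseSensitive = true reproduces the flawed check
 * described in the advisory; false is the hardened form.
 *
 * Returns null when the SVG is accepted, or a string describing the rejection.
 */
function checkSvgImageHrefs(string $svg, array $allowed, bool $caseSensitive): ?string
{
    $rejection = null;
    $parser = xml_parser_create("UTF-8");
    // With case folding off the parser hands element names through exactly as
    // written, so "IMAGE" and "image" reach the handler as different strings.
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, false);

    xml_set_element_handler(
        $parser,
        function ($parser, string $name, array $attrs) use (&$rejection, $allowed, $caseSensitive): void {
            // Flawed: exact match only. Hardened: normalise the name first.
            $isImage = $caseSensitive ? ($name === "image") : (strtolower($name) === "image");
            if (!$isImage || $rejection !== null) {
                return;
            }
            $attrs = array_change_key_case($attrs, CASE_LOWER);
            $href = $attrs["xlink:href"] ?? $attrs["href"] ?? null;
            if ($href === null) {
                return;
            }
            // Normalise the scheme too: "PHAR://" must not slip past "phar".
            $scheme = strtolower((string) parse_url($href, PHP_URL_SCHEME));
            if ($scheme === "") {
                $scheme = "file"; // relative or absolute local path
            }
            if (!in_array($scheme, $allowed, true)) {
                $rejection = "image href uses disallowed protocol '" . $scheme . "'";
            }
        },
        function ($parser, string $name): void {
        }
    );

    if (!xml_parse($parser, $svg, true)) {
        $rejection = "malformed SVG: " . xml_error_string(xml_get_error_code($parser));
    }
    xml_parser_free($parser);
    return $rejection;
}

$allowed = ["http", "https", "data"];
var_dump(checkSvgImageHrefs(ATTACKER_SVG, $allowed, true));  // NULL: <IMAGE> never inspected, phar:// passes
var_dump(checkSvgImageHrefs(ATTACKER_SVG, $allowed, false)); // string: rejected, disallowed protocol 'phar'
```

With caseSensitive set to true the function returns null and the phar:// href is never examined; with false it returns the rejection string. The bypass only matters because the downstream SVG renderer still honours the uppercase element the filter skipped, so a filter and the renderer behind it must agree on how element names are matched, and the safe choice is to normalise every name and every scheme before any comparison.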

References

Affected packages

Git / github.com/dompdf/dompdf

Affected ranges

Type
GIT
Repo
https://github.com/dompdf/dompdf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.6.0
v0.6.0-b3
v0.6.1
v0.6.2
v0.7.0
v0.7.0-beta
v0.7.0-beta2
v0.7.0-beta3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.2.0
v1.2.1
v1.2.2

v2.*

v2.0.0
v2.0.1