DRUPAL-CONTRIB-2022-048

Import Source

https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_print/DRUPAL-CONTRIB-2022-048.json

JSON Data

https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2022-048

Published

2022-07-13T15:44:42Z

Modified

2025-12-10T23:31:49.335658Z

Summary

[none]

Details

This module enables you to generate print versions of content.
Some installations of the module make use of the dompdf/dompdf third-party dependency.
Security vulnerabilities exist for versions of dompdf/dompdf < 2.0.0

See the library release notes for more detail: https://github.com/dompdf/dompdf/releases/tag/v2.0.0

Note on 3rd party vulnerabilities

This security advisory corresponds to a 3rd party vulnerability. Normally the Drupal Security Team would not issue advisories related to 3rd party code that is shipped separately from a module per our policy (most recent update is PSA-2019-09-04). In this case, because the module required a specific version and could not be updated without a change to the Drupal module we do issue an advisory.

References

https://www.drupal.org/sa-contrib-2022-048

Credits

- Munavir P k
- - https://www.drupal.org/user/3604066
- szato
- - https://www.drupal.org/user/389677

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/entity_print

Package

Name: drupal/entity_print
Purl: pkg:composer/drupal/entity_print

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

2.6.0

Database specific

{
    "constraint": "<2.6.0"
}

Database specific

affected_versions

"<2.6.0"

source

"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/entity_print/DRUPAL-CONTRIB-2022-048.json"