Security Advisory

CVE-2021-3902

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-11-15 10:52:10

Last updated 2024-11-18 14:35:29

Assigner @huntr_ai

State PUBLISHED

Description

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdfs SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.

← Browse all CVEs View on cve.org ↗