Critical severityNVD Advisory· Published Nov 15, 2024· Updated Nov 18, 2024
Improper Restriction of XML External Entity Reference in dompdf/dompdf
CVE-2021-3902
Description
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dompdf/dompdfPackagist | < 2.0.0 | 2.0.0 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.