VYPR
Critical severityNVD Advisory· Published Apr 3, 2022· Updated Aug 3, 2024

CVE-2022-28368

CVE-2022-28368

Description

Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
dompdf/dompdfPackagist
< 1.2.11.2.1

Affected products

2

Patches

Vulnerability mechanics

References

10

News mentions

1