Vulnerability Information
Vulnerability Title
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Vulnerability Description
An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.
CVSS Information
N/A
Vulnerability Type
Improper Restriction of XML External Entity Reference (XXE)
Vulnerability Title
Dompdf Code Issue Vulnerability
Vulnerability Description
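Dompdf is an open-source HTML to PDF converter from Dompdf. Versions of Dompdf prior to 2.0.0 contain a code issue vulnerability, which stems from an improper restriction of external entities (XXE) and may lead to server-side request forgery (SSRF) and deserialization attacks.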
CVSS Information
N/A
Vulnerability Type
N/A