← Back

CVE-2021-3838

nvd nist
Published: Nov 15, 2024Modified: Nov 19, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.

Affected (1)

Dompdf Project
1 product
Dompdf
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Dompdf
Before 2.0.0

Related CWEs

CWE-502
Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

References (2)

Source: security@huntr.dev
Patch
Source: security@huntr.dev
ExploitIssue TrackingPatchThird Party Advisory

Timeline

No history available yet.