jumbaeric / docverter

Docverter is a versatile PHP package for document conversion between various formats. Whether you need to convert RTF, PDF, HTML, Text, Image, Markdown, Excel, or Word documents, this package provides seamless functionality using industry-standard libraries.

Composer Audit #2

Open oleteacher opened 4 months ago

oleteacher commented 4 months ago

Thanks for sharing the package.

I get the following and wonder how to update all to get rid of the vulnerabilities:

10 package suggestions were added by new dependencies, use `composer suggest` to see details.
Generating autoload files
8 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
Found 8 security vulnerability advisories affecting 2 packages.
Run composer audit for a full list of advisories.
Using version ^1.2 for jumbaeric/docverter

old@da-Desktop MINGW64 /e/Composer Tests/DocVerter
$ composer audit
Found 8 security vulnerability advisories affecting 2 packages:
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2023-50262                                                                   |
| Title             | Denial of service caused by infinite recursion when parsing SVG images           |
| URL               | https://nvd.nist.gov/vuln/detail/CVE-2023-50262                                  |
| Affected versions | <2.0.4                                                                           |
| Reported at       | 2023-12-12T09:17:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2023-23924                                                                   |
| Title             | Dompdf vulnerable to URI validation failure on SVG parsing                       |
| URL               | https://github.com/advisories/GHSA-3cw5-7cxw-v5qg                                |
| Affected versions | <2.0.2                                                                           |
| Reported at       | 2023-01-31T14:30:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-41343                                                                   |
| Title             | Remote file inclusion                                                            |
| URL               | https://github.com/advisories/GHSA-6x28-7h8c-chx4                                |
| Affected versions | <2.0.1                                                                           |
| Reported at       | 2022-09-22T13:54:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-2400                                                                    |
| Title             | Dompdf before v2.0.0 vulnerable to chroot check bypass                           |
| URL               | https://github.com/advisories/GHSA-5qj8-6xxj-hp9h                                |
| Affected versions | <2.0.0                                                                           |
| Reported at       | 2022-07-19T00:00:26+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | dompdf/dompdf                                                                    |
| CVE               | CVE-2022-0085                                                                    |
| Title             | Server-Side Request Forgery in dompdf/dompdf                                     |
| URL               | https://github.com/advisories/GHSA-pf6p-25r2-fx45                                |
| Affected versions | <2.0.0                                                                           |
| Reported at       | 2022-06-23T13:55:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phenx/php-svg-lib                                                                |
| CVE               | NO CVE                                                                           |
| Title             | Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction b |
|                   | ypass and potential RCE                                                          |
| URL               | https://github.com/advisories/GHSA-97m3-52wr-xvv2                                |
| Affected versions | <0.5.2                                                                           |
| Reported at       | 2024-02-22T18:15:41+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phenx/php-svg-lib                                                                |
| CVE               | CVE-2024-25117                                                                   |
| Title             | php-svg-lib lacks path validation on font through SVG inline styles              |
| URL               | https://github.com/advisories/GHSA-f3qr-qr4x-j273                                |
| Affected versions | <0.5.2                                                                           |
| Reported at       | 2024-02-21T18:04:16+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
+-------------------+----------------------------------------------------------------------------------+
| Package           | phenx/php-svg-lib                                                                |
| CVE               | CVE-2023-50251                                                                   |
| Title             | Denial of service caused by infinite recursion when parsing SVG document         |
| URL               | https://github.com/advisories/GHSA-ff5x-7qg5-vwf2                                |
| Affected versions | <0.5.1                                                                           |
| Reported at       | 2023-12-13T13:32:21+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+
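An added example, not part of this issue thread or of the docverter package, showing one way to turn a report like the one above into a concrete update plan. It reads the JSON that `composer audit --format=json` emits, works out per package the lowest version that is outside every listed affected range, and prints the `composer update` command to run followed by a re-audit. The field names `advisories`, `cve` and `affectedVersions` are assumed from Composer's JSON layout (check them against your Composer version), and the embedded report is constructed from the advisories listed in the comment above. Note that `composer update` can only reach the target version if every root-level constraint allows it; when a dependency such as this package pins an older range, `composer why-not <package> <version>` names the constraint that blocks the fix. For a converter that parses HTML and SVG supplied by users, the SSRF, remote-inclusion and path-validation advisories here are directly reachable, so the audit gate is worth running in CI rather than only by hand.

```python
"""Triage `composer audit --format=json` output into minimum safe versions
and the commands that get a lock file there.  Example code, not Composer's."""
import json
import re
from typing import Optional

# Constructed sample in the assumed shape of `composer audit --format=json`:
# "advisories" keyed by package name, each entry carrying "cve" (null when
# none was assigned) and "affectedVersions".  Ranges mirror the issue above.
SAMPLE_AUDIT_JSON = json.dumps({
    "advisories": {
        "dompdf/dompdf": [
            {"cve": "CVE-2023-50262", "affectedVersions": "<2.0.4"},
            {"cve": "CVE-2023-23924", "affectedVersions": "<2.0.2"},
            {"cve": "CVE-2022-41343", "affectedVersions": "<2.0.1"},
            {"cve": "CVE-2022-2400", "affectedVersions": "<2.0.0"},
            {"cve": "CVE-2022-0085", "affectedVersions": "<2.0.0"},
        ],
        "phenx/php-svg-lib": [
            {"cve": None, "affectedVersions": "<0.5.2"},
            {"cve": "CVE-2024-25117", "affectedVersions": "<0.5.2"},
            {"cve": "CVE-2023-50251", "affectedVersions": "<0.5.1"},
        ],
    }
})

# A single "<X" constraint; the optional "v" prefix covers tags like v2.0.4.
_UPPER = re.compile(r"^<\s*v?([0-9][0-9A-Za-z.\-]*)$")


def version_key(version: str) -> tuple:
    """Sort key for dotted versions: components compare numerically, missing
    components count as 0 (2.0 == 2.0.0), and a pre-release suffix such as
    2.0.0-beta1 sorts below the final 2.0.0 release."""
    core, _, pre = version.partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in core.split("."))
    nums = nums + (0,) * (4 - len(nums))
    return nums + (0 if pre else 1, pre)


def fixed_version_for(affected: str) -> Optional[str]:
    """Smallest version outside every affected range.

    Composer writes ranges like "<2.0.4" or ">=1.0,<1.5|>=2.0,<2.0.2":
    '|' separates alternatives, ',' separates constraints within one.
    Any version at or above the largest '<' bound lies outside all of them.
    Returns None when some alternative has no upper bound (no fix published).
    """
    bounds = []
    for alternative in affected.split("|"):
        uppers = [m.group(1) for c in alternative.split(",")
                  if (m := _UPPER.match(c.strip()))]
        if not uppers:
            return None
        bounds.extend(uppers)
    return max(bounds, key=version_key)


def triage(report_json: str) -> dict:
    """Per package: advisory count and the minimum version that clears all of
    them, or None when at least one advisory has no fixed version."""
    report = json.loads(report_json)
    summary = {}
    for package, advisories in report.get("advisories", {}).items():
        targets = [fixed_version_for(a["affectedVersions"]) for a in advisories]
        summary[package] = {
            "advisories": len(advisories),
            "min_safe": None if None in targets else max(targets, key=version_key),
        }
    return summary


def update_commands(report_json: str) -> list:
    """Commands to run: one `composer update` covering every fixable package,
    a re-audit, and a `why-not` probe per package in case a root constraint
    still blocks the fixed version.  Unfixable packages are flagged for review."""
    summary = triage(report_json)
    fixable = sorted(p for p, s in summary.items() if s["min_safe"])
    manual = sorted(p for p, s in summary.items() if not s["min_safe"])
    cmds = []
    if fixable:
        cmds.append("composer update " + " ".join(fixable) + " --with-all-dependencies")
        cmds.append("composer audit")
        cmds.append("# if audit still flags a package, this names the blocking constraint:")
        cmds.extend(f"composer why-not {p} {summary[p]['min_safe']}" for p in fixable)
    cmds.extend(f"# no fixed version published for {p}; review or replace it" for p in manual)
    return cmds


if __name__ == "__main__":
    for pkg, s in triage(SAMPLE_AUDIT_JSON).items():
        print(f"{pkg}: {s['advisories']} advisories, needs >= {s['min_safe']}")
    print("\n".join(update_commands(SAMPLE_AUDIT_JSON)))
```

Run it against the real report with `composer audit --format=json > audit.json` and feed the file contents to `triage`; a non-empty result is a reasonable reason to fail a CI job. The minimum-safe rule is deliberately conservative: it picks the largest upper bound across all ranges, so it never chooses a version that falls inside a later affected window.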
jumbaeric commented 2 months ago

Try again, I fixed this issue.