Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.
CVE-2023-23924 - Critical Severity Vulnerability
Vulnerable Library - dompdf/dompdf-v2.0.0
DOMPDF is a CSS 2.1 compliant HTML to PDF converter
Library home page: https://api.github.com/repos/dompdf/dompdf/zipball/79573d8b8a141ec8a17312515de8740eed014fa9
Dependency Hierarchy: - :x: **dompdf/dompdf-v2.0.0** (Vulnerable Library)
Found in HEAD commit: ab76dd905220f63a5e50d7a6c36543f1d876d52a
Found in base branch: master
Vulnerability Details
Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.
Publish Date: 2023-02-01
URL: CVE-2023-23924
CVSS 3 Score Details (9.8)
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Suggested Fix
Type: Upgrade version
Origin: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
Release Date: 2023-02-01
Fix Resolution: v2.0.2
Step up your Open Source Security Game with Mend here