Vulnerabilities in Dompdf before v2.0.0

Dompdf prior to version 2.0.0 is vulnerable to a chroot check bypass, which could cause disclosure of png and jpeg files.

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

https://github.com/dompdf/dompdf/releases/tag/v2.0.0

Issue fork documentation_generator-3310311

Show commands

Start within a Git clone of the project using the version control instructions.

Add & fetch this issue fork’s repository

Or, if you do not have SSH keys set up on git.drupalcode.org:

Add & fetch this issue fork’s repository

realityloop-8.x-1.x-patch-63253 changes, plain diff MR !1
Check out this branch for the first time

Check out existing branch, if you already have it locally
3310311- compare
Check out this branch for the first time

Check out existing branch, if you already have it locally

About issue forks

Comments

Comment #1

19 September 2022 at 00:45

realityloop created an issue. See original summary.

Log in or register to post comments

Comment #2

19 September 2022 at 00:50

realityloop opened merge request !1

Log in or register to post comments

Comment #3

realityloop commented 19 September 2022 at 00:50

Status:

Active

» Needs review

Log in or register to post comments

Comment #4

20 September 2022 at 09:51

realityloop committed 4f6609c on 8.x-1.x
```
Update dompdf for security #3310311
```

Log in or register to post comments

gaurav.kapoor’s picture

Comment #5

gaurav.kapoor commented 20 September 2022 at 09:54

Status:

Needs review

» Fixed

Merged. Thanks for working on this.

Log in or register to post comments

Comment #6

4 October 2022 at 09:54

Status:

Fixed

» Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.

Log in or register to post comments