Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Project:
Date:
2022-July-27
Security risk:
Vulnerability:
Remote Code Execution
Affected versions:
<2.2.2
Description:
This module enables you to generate PDF versions of content.
Some installations of the module make use of the dompdf/dompdf third-party dependency.
Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes.
Solution:
Install the latest version:
- If you use the pdf_api module for Drupal 2.x, upgrade to pdf_api 2.2.2
Reported By:
Fixed By:
Coordinated By:
- Damien McKenna of the Drupal Security Team
- Greg Knaddison of the Drupal Security Team
