CVE-2022-0085: Add a default context · dompdf/dompdf@bb1ef65
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.
@@ -298,6 +298,18 @@ public function __construct(array $attributes = null)
$this->setFontDir($rootDir . “/lib/fonts”);
$this->setFontCache($this->getFontDir());
$ver = "";
$versionFile = realpath(__DIR__ . “/…/VERSION”);
if (file_exists($versionFile) && ($version = trim(file_get_contents($versionFile))) !== false && $version !== ‘$Format:<%h>$’) {
$ver = "/$version";
}
$this->setHttpContext([
“http” => [
“follow_location” => false,
“user_agent” => “Dompdf$ver https://github.com/dompdf/dompdf”
]
]);
if (null !== $attributes) {
$this->set($attributes);
}
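Review bot: The `($version = trim(file_get_contents($versionFile))) !== false` guard can never fire, because `trim()` always returns a string; if the read fails despite `file_exists()` passing, `$version` becomes `""`, which still differs from `'$Format:<%h>$'` and yields a `Dompdf/ https://...` user agent, so compare against the empty string instead: `&& $version !== '' && $version !== '$Format:<%h>$'`. On the SSRF point itself, `"follow_location" => false` only stops the stream wrapper from chasing redirects; nothing in this hunk constrains which hosts or schemes a remote resource URL may target, so any such allowlisting must live in the fetch helpers that consume this context, which are not visible here. It is also worth confirming that every remote fetch path (images, stylesheets, `@font-face` sources) actually passes the context set via `setHttpContext()` to its stream call, since a path that builds its own context would keep following redirects silently. `__construct` continues outside this hunk.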
GHSA-pf6p-25r2-fx45: Server-Side Request Forgery in dompdf/dompdf
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.