GHSA-6x28-7h8c-chx4: Dompdf allows remote file inclusion because URI validation failure does not halt font registration

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.


High severity • GitHub Reviewed • Published Sep 26, 2022 • Updated Sep 30, 2022

Related news

CVE-2022-41343: Release Dompdf 2.0.1 · dompdf/dompdf
