Home > Vulnerability Database > CVE-2023-23924

Mend.io Vulnerability Database

CVE-2023-23924

Date: January 31, 2023

Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing "<image>" tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the "phar" URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available.

Language: PHP

Severity Score

10.0

Related Resources (8)

Url: https://github.com/dompdf/dompdf

Url: https://github.com/advisories/GHSA-3cw5-7cxw-v5qg

Url: https://github.com/dompdf/dompdf/releases/tag/v2.0.2

Url: https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg

Url: https://github.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2023-23924.yaml

Url: https://github.com/dompdf/dompdf/commit/7558f07f693b2ac3266089f21051e6b78c6a0c85

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-23924

Url: https://www.mend.io/vulnerability-database/CVE-2023-23924

Severity Score

10.0

Weakness Type (CWE)

Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

CWE-551

Incorrect Authorization

CWE-863

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-23924

Date: January 31, 2023

Language: PHP

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?