
exploitDog

bind:CVE-2021-3902

Count: 4

ubuntu

CVE-2021-3902

about 1 year ago

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.

CVSS3: 9.8
EPSS: Low
nvd

CVE-2021-3902

about 1 year ago

An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks.

CVSS3: 9.8
EPSS: Low
debian

CVE-2021-3902

about 1 year ago

An improper restriction of external entities (XXE) vulnerability in do ...

CVSS3: 9.8
EPSS: Low
github

GHSA-3vjh-xrhf-v9xh

about 1 year ago

Improper Restriction of XML External Entity Reference in dompdf/dompdf

CVSS3: 9.8
EPSS: Low


| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| ubuntu: CVE-2021-3902. An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks. | CVSS3: 9.8 | 3% (Low) | about 1 year ago |
| nvd: CVE-2021-3902. An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versions prior to 2.0.0. The vulnerability can be exploited even if the isRemoteEnabled option is set to false. It allows attackers to perform SSRF, disclose internal image files, and cause PHAR deserialization attacks. | CVSS3: 9.8 | 3% (Low) | about 1 year ago |
| debian: CVE-2021-3902. An improper restriction of external entities (XXE) vulnerability in do ... | CVSS3: 9.8 | 3% (Low) | about 1 year ago |
| github: GHSA-3vjh-xrhf-v9xh. Improper Restriction of XML External Entity Reference in dompdf/dompdf | CVSS3: 9.8 | 3% (Low) | about 1 year ago |
