Dompdf is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the font type via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
CPE | Name | Operator | Version |
---|---|---|---|
dompdf/dompdf | le | v1.2.0 | |
dompdf/dompdf | le | v1.2.0 |