Dompdf.SVG.Parsing.Use.Tag.href.Validation.Security.Bypass
Description
This indicates an attempt to exploit a code execution vulnerability in DomPDF.
The vulnerability is caused by an error in how the vulnerable application handles a malicious SVG. A remote attacker may exploit it by sending a crafted request to the target server. Successful exploitation could result in remote code execution.
Affected Products
DomPDF version 0.5.0 and earlier versions
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Upgrade to the latest version, available from the website:
https://github.com/dompdf/dompdf
Coverage
IPS (Regular DB)
IPS (Extended DB)