SCA: security update for dompdf/dompdf (GHSA-577p-7j7h-2jgf)

critical Tenable Cloud Security Plugin ID 410645

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the
protocol before passing it into the file_get_contents() function. An attacker who can upload files of any
type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate
arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with
frameworks with documented POP chains like Laravel or vulnerable developer code. (CVE-2021-3838)

See Also

https://github.com/advisories/GHSA-577p-7j7h-2jgf

Plugin Details

Severity: Critical

ID: 410645

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.58

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-3838

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/15/2024

Vulnerability Publication Date: 7/13/2023

Reference Information

CVE: CVE-2021-3838

cwe: CWE-502