SCA: security update for dompdf/dompdf (GHSA-3cw5-7cxw-v5qg)

critical Tenable Self-Hosted Container Security Plugin ID 409467

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by
passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8,
through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with
arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to
arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code
execution, depending on classes that are available. (CVE-2023-23924)

See Also

https://github.com/advisories/GHSA-3cw5-7cxw-v5qg

Plugin Details

Severity: Critical

ID: 409467

Version: Revision 1.4

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.87

Vendor

Vendor Severity: Critical

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-23924

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/1/2023

Vulnerability Publication Date: 1/31/2023

Reference Information

CVE: CVE-2023-23924