CVE-2021-3838 CRITICAL

CVE-2021-3838: PHAR Deserialization in dompdf/dompdf

Vendor Dompdf
Product dompdf/dompdf
Weakness CWE-502 · Unsafe deserialization
Published November 15, 2024
Last update November 18, 2024

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

Description

Dompdf before version 2.0.0 is vulnerable to PHAR deserialization because it does not check the URI scheme (protocol) of a resource reference before passing it to the file_get_contents() function. An attacker who can upload a file of any type to the server can reference that file with the phar:// scheme; PHP then unserializes the PHAR metadata and instantiates arbitrary PHP objects. This can lead to remote code execution, especially when Dompdf is used with a framework that has documented POP chains, such as Laravel, or alongside vulnerable developer code.
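The mitigation the description implies is to validate the scheme before the value ever reaches file_get_contents(). The following is an added example of such a check, not code from dompdf: it accepts only http/https URLs or plain local paths that resolve inside an allowed base directory, rejecting phar:// and every other stream wrapper up front. Function names, the allowlist and the sample inputs are assumptions; PHP 8 is assumed for str_starts_with().

```php
<?php
// Added example (not dompdf's own code): gate resource references before
// file_get_contents() so that stream wrappers such as phar:// are never
// dereferenced. The allowlist and $baseDir policy are assumptions.

function isAllowedResource(string $uri, string $baseDir): bool
{
    // An explicit "scheme://" prefix selects a PHP stream wrapper. Only the
    // allowlisted schemes may pass; phar://, data://, expect:// etc. are
    // rejected here, before anything is opened.
    if (preg_match('#^([a-z][a-z0-9+.\-]*)://#i', $uri, $m) === 1) {
        return in_array(strtolower($m[1]), ['http', 'https'], true);
    }

    // No scheme: treat the value as a local path. realpath() follows
    // symlinks and collapses "..", so the result must lie under $baseDir.
    $real = realpath($uri);
    $base = realpath($baseDir);
    if ($real === false || $base === false) {
        return false;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return str_starts_with($real, $prefix);
}

function readResource(string $uri, string $baseDir): string
{
    if (!isAllowedResource($uri, $baseDir)) {
        throw new InvalidArgumentException("Refusing to open resource: $uri");
    }
    $data = file_get_contents($uri);
    if ($data === false) {
        throw new RuntimeException("Unable to read resource: $uri");
    }
    return $data;
}

// Constructed sample inputs showing how the check classifies each form.
$base = sys_get_temp_dir();
$samples = [
    'phar://uploads/image.jpg',          // wrapper not on the allowlist
    'https://example.com/logo.png',      // allowlisted scheme
    $base . '/../outside-dir/file.txt',  // escapes $baseDir via ".."
];
foreach ($samples as $candidate) {
    echo $candidate, ' => ',
        isAllowedResource($candidate, $base) ? 'allowed' : 'rejected', PHP_EOL;
}
```

Fetching http/https URLs through file_get_contents() additionally depends on allow_url_fopen being enabled; if remote resources are not needed, drop them from the allowlist and accept local paths only.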

Key dates

Disclosure timeline

November 15, 2024 CVE published
November 18, 2024 Record updated