HOW TO MITIGATE THE NEW REMOTE CODE EXECUTION VULNERABILITY IN DOMPDF
Maximilian Kirchmeier and Fabian Bräunlein, security researchers from Positive Security, have revealed a new remote code execution vulnerability in dompdf, a PHP-based HTML to PDF converter. If exploited successfully, the vulnerability could allow remote code execution. It has significant consequences for websites that require server-side generation of PDFs.
Table of Contents:
1. What Is Dompdf?
2. Summary Of The New Remote Code Execution Vulnerability In Dompdf:
3. How Does The Attacker Exploit The RCE Vulnerability In Dompdf?
4. Impact Of The New Remote Code Execution Vulnerability In Dompdf:
5. How To Mitigate The New Remote Code Execution Vulnerability In Dompdf?
* Handles CSS 2.1 and a few CSS3 properties, such as @media, @import, and @page rules.
* Supports external stylesheets
* Supports presentational HTML 4.0 attributes
* Supports complex tables, such as row and column spans, individual cell styling, and separate and collapsed border models
* Inline PHP support
* Image support
* Basic SVG support