{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T07:30:29.706","vulnerabilities":[{"cve":{"id":"CVE-2021-3838","sourceIdentifier":"security@huntr.dev","published":"2024-11-15T11:15:05.763","lastModified":"2024-11-19T17:11:23.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code."},{"lang":"es","value":"DomPDF anterior a la versión 2.0.0 es vulnerable a la deserialización de PHAR debido a la falta de verificación del protocolo antes de pasarlo a la función file_get_contents(). Un atacante que pueda cargar archivos de cualquier tipo al servidor puede pasar el protocolo phar:// para deserializar el archivo cargado y crear instancias de objetos PHP arbitrarios. Esto puede provocar la ejecución remota de código, especialmente cuando DOMPdf se utiliza con marcos con cadenas POP documentadas como Laravel o código de desarrollador vulnerable."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.0","matchCriteriaId":"CF3441FB-3B15-4935-8A8F-964D7DDFBCAD"}]}]}],"references":[{"url":"https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e","source":"security@huntr.dev","tags":["Exploit","Issue Tracking","Patch","Third Party Advisory"]}]}}]}