Critical Vulnerability in Dompdf PHP Library

Dompdf has released a security advisory to address a critical vulnerability (CVE-2023-23924) in their PHP library. The vulnerability affects dompdf PHP library versions 2.0.1 and below. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10 out of 10.

Successful exploitation of the vulnerability could allow an attacker to perform arbitrary file deletion on servers, potentially leading to remote code execution.

Users and administrators of servers running affected dompdf versions are advised to upgrade to version 2.0.2 immediately.

More information is available here:

https://nvd.nist.gov/vuln/detail/CVE-2023-23924/

https://securityonline.info/cve-2023-23924-critical-severity-rce-flaw-found-in-popular-dompdf-library

https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5q