VDB
CVE-2021-3838
CVE-2021-3838
PUBLISHED
CVSS 9.800000190734863 CRITICAL
DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files of any type to the server can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when DOMPdf is used with frameworks with documented POP chains like Laravel or vulnerable developer code.
EPSS 6.93% · 91.6th percentile
Risk Scores
CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
6.93%
91.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| dompdf | dompdf | 0 |
| dompdf | dompdf | 0 |
| dompdf | dompdf/dompdf | unspecified |
| dompdf_project | dompdf | 0 |
Exploit Intelligence
- https://huntr.com/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e (nist-nvd)
- CIRCL seen: CVE-2021-3838 (circl-sighting)
- CIRCL seen: CVE-2021-3838 (circl-sighting)
- https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a (circl)
Timeline
- Nov 15, 2024 CVE Published
- Nov 15, 2024 PoC Published
- Nov 16, 2024 EPSS Score
- Nov 18, 2024 CVE Updated
- Dec 5, 2024 EPSS Score
- Jan 9, 2025 EPSS Score
- Jan 26, 2025 EPSS Score
- Mar 3, 2025 EPSS Score
- Mar 17, 2025 EPSS Score
- Mar 20, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 29, 2025 EPSS Score