CVE-2010-4879 — DOMPDF Remote File Inclusion Vulnerability

Description

PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 beta1 allows remote attackers to execute arbitrary PHP code via a URL in the input_file parameter.

How to fix CVE-2010-4879

To remediate CVE-2010-4879, upgrade the affected package to a fixed version below.

Debian/php-dompdf—upgrade to 0.6.1+dfsg-1 or later
Packagist/dompdf/dompdf—upgrade to 0.6.1 or later

Is CVE-2010-4879 being exploited?

Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.6.1+dfsg-1
>= 0.6, < 0.6.1

References (8)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2010-4879
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-4879
PATCHgithub.com/dompdf/dompdf
WEBgithub.com/dompdf/dompdf/commit/23a693993299e669306929e3d49a4a1f7b3fb028
WEB