CVE-2021-45394

Published January 18th, 2022

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.

spipu/html2pdf

OFFICIAL PROJECT | HTML to PDF converter written in PHP

GitHub

1.77K