PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050

Project: PDF generator API
Version: 2.2.1, 2.2.0, 2.1.0, 2.0.0
Date: 2022-July-27
Security risk: Moderately critical 12∕25
Vulnerability: Remote Code Execution

Description

This module enables you to generate PDF versions of content.

Some installations of the module make use of the dompdf/dompdf third-party dependency.

Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes.

Solution

Install the latest version:

If you use the pdf_api module for Drupal 2.x, upgrade to pdf_api 2.2.2

Nick Onom
Marketing Project Manager

Enthusiastic about all kinds of Open Source applications, AI, bitcoins, but mostly Drupal and Backdrop. For last years has been actively developing AltaGrade's new back-end system.

Drupal · Security

PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050

Description

Solution

We value your opinion. Please add your feedback.