PDF generator API - Moderately critical - Remote Code Execution - SA-CONTRIB-2022-050

Project: PDF generator APIVersion: 2.2.12.2.02.1.02.0.0Date: 2022-July-27Security risk: Moderately critical 12∕25 AC:Complex/A:User/CI:Some/II:Some/E:Theoretical/TD:DefaultVulnerability: Remote Code ExecutionDescription: This module enables you to generate PDF versions of content.
Some installations of the module make use of the dompdf/dompdf third-party dependency.
Security vulnerabilities exist for versions of dompdf/dompdf before 2.0.0 as described in the 2.0.0 release notes.Solution: Install the latest version:

  • If you use the pdf_api module for Drupal 2.x, upgrade to pdf_api 2.2.2

Reported By: 

Fixed By: 

Coordinated By: 

Path to article https://www.drupal.org/sa-contrib-2022-050