Security vulnerability - phenx/php-svg-lib #1045

Open
InfosecCloudNB opened this issue Apr 25, 2024 · 5 comments

Comments

@InfosecCloudNB

Describe the bug
This wrapper uses dompdf/dompdf:^2.0.3. This version uses phenx/php-svg-lib: >=0.3.3 <1.0.0, which has a HIGH vulnerability. Could we update the dompdf dependency to dompdf/dompdf:^2.0.7, as this uses phenx/php-svg-lib: >=0.5.2 <1.0.0, which addresses the vulnerability?

@barryvdh
Owner

I think it would be better to add that to https://github.com/dompdf/dompdf directly.

@InfosecCloudNB
Author

Sorry if I'm misunderstanding you but dompdf have already addressed the vulnerability but this package uses an older version of dompdf (v2.0.3) as a dependency. Can we update this package to use v2.0.7 of dompdf?

@dsturm

dsturm commented Apr 29, 2024

Could be closed as completed in c96f90c

@parallels999

#1027 (comment)

@barryvdh
Owner

This package requires 2.0.7 or higher, so it is no problem to just update to newer versions. For 3.x though, try the beta.
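
Added example (not code from this repository or its maintainers): a `composer.lock` can keep pinning an older release even when the version constraint allows a fixed one, so this sketch checks the locked versions against the minimums named in this thread (dompdf/dompdf 2.0.7, phenx/php-svg-lib 0.5.2). The sample lock content and the `example/pdf-wrapper` package name are constructed.

```python
import json
import re

# Minimum versions named in the thread above.
MINIMUMS = {"dompdf/dompdf": (2, 0, 7), "phenx/php-svg-lib": (0, 5, 2)}

# Constructed sample lock content; "example/pdf-wrapper" is a hypothetical name.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "example/pdf-wrapper", "version": "v1.0.0"},
        {"name": "dompdf/dompdf", "version": "v2.0.3"},
        {"name": "phenx/php-svg-lib", "version": "0.5.0"},
    ],
    "packages-dev": [],
})


def parse_version(raw):
    """Map 'v2.0.3' or '0.5.2-beta1' to (2, 0, 3) / (0, 5, 2).

    Returns None for non-numeric versions such as 'dev-main'. A pre-release
    suffix is dropped, so '0.5.2-beta1' is treated like '0.5.2'.
    """
    core = re.split(r"[-+]", raw.lstrip("v"), maxsplit=1)[0]
    parts = core.split(".")
    if not all(p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def audit_lock(lock_text, minimums=MINIMUMS):
    """Return (name, locked_version, reason) for each tracked package that is
    locked below its minimum or whose version cannot be compared."""
    lock = json.loads(lock_text)
    findings = []
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        minimum = minimums.get(pkg.get("name"))
        if minimum is None:
            continue  # not one of the packages discussed in the thread
        locked = pkg.get("version", "")
        parsed = parse_version(locked)
        if parsed is None:
            findings.append((pkg["name"], locked, "unparseable"))
        elif parsed < minimum:
            wanted = ".".join(str(n) for n in minimum)
            findings.append((pkg["name"], locked, "below " + wanted))
    return findings


if __name__ == "__main__":
    for name, locked, reason in audit_lock(SAMPLE_LOCK):
        print(f"{name} locked at {locked}: {reason}")
```

To check a real project, pass the contents of its `composer.lock` to `audit_lock` instead of `SAMPLE_LOCK`.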
