Entity Print - Moderately critical - Multiple: Remote Code Execution, Information disclosure - SA-CONTRIB-2022-048
Project: Entity Print Date: 2022-July-13 Security risk: Moderately critical 13∕25 Vulnerability: Multiple: Remote Code Execution, Information disclosure
This module enables you to generate print versions of content.
Some installations of the module make use of the dompdf/dompdf third-party dependency.
Security vulnerabilities exist for versions of dompdf/dompdf < 2.0.0
See the library release notes for more detail: https://github.com/dompdf/dompdf/releases/tag/v2.0.0
Note on 3rd party vulnerabilities
This security advisory corresponds to a 3rd party vulnerability. Normally the Drupal Security Team would not issue advisories related to 3rd party code that is shipped separately from a module per our policy (most recent update is PSA-2019-09-04). In this case, because the module required a specific version and could not be updated without a change to the Drupal module we do issue an advisory.
Install the latest version (8.x-2.6) of this module and update dompdf/dompdf at the same time. It is recommended to use composer to do the update using commands similar to the following:
composer update drupal/entity_print composer require dompdf/dompdf:~2