TANTO DOJO BLOG

Sleepless Strings - Template Injection in Insomnia

A Template Injection vulnerability in the latest version of Kong’s Insomnia API Client (v. 11.2.0) leads to Remote Code Execution.

CVE-2022-41343 - RCE via Phar Deserialisation

Dompdf is a popular PHP library for rendering PDF files from HTML. Tanto Security disclosed a vulnerability in Dompdf affecting version 2.0.0 and below. The vulnerability was patched in Dompdf v2.0.1. We recommend all Dompdf users update to the latest version as soon as possible. Exploitation of the vulnerability results in remote code execution, subject to the following conditions: the application is deployed on PHP <= 7.x, and a well-known RCE deserialization gadget exists in any of the application's libraries.
