Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-16898

System Information Leak: External (html5lib/TreeBuilder.php)

    Details

    • Type: Bug
    • Status: Done/Fixed
    • Priority: Trivial
    • Resolution: Fixed/Completed
    • Affects Version/s: 4.6.5
    • Fix Version/s: 4.7.8
    • Component/s: Core CiviCRM
    • Security Level: Security - Published
    • Labels:
      None
    • Documentation Required?:
      None
    • Funding Source:
      Needs Funding

      Description

      Summary
      The program might reveal system data or debugging information in with a call to on line . The information revealed by could help an adversary form a plan of attack.Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.
      Explanation
      An external information leak occurs when system data or debugging information leaves the program to a remote machine via a socket or network connection.
      In this case system data or debugging information is produced by and leaked by in vendor/dompdf/dompdf/lib/html5lib/TreeBuilder.php line 3368

      See PDF for full details

        Attachments

          Activity

            People

            • Assignee:
              mlutfy Mathieu Lutfy
              Reporter:
              xurizaemon Chris Burgess
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: