Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-16898

System Information Leak: External (html5lib/TreeBuilder.php)

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Trivial
          • Resolution: Fixed/Completed
          • Affects Version/s: 4.6.5
          • Fix Version/s: 4.7.8
          • Component/s: Core CiviCRM
          • Security Level: Security - Published
          • Labels:
            None
          • Documentation Required?:
            None
          • Funding Source:
            Needs Funding

            Description

            Summary
            The program might reveal system data or debugging information in with a call to on line . The information revealed by could help an adversary form a plan of attack.Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.
            Explanation
            An external information leak occurs when system data or debugging information leaves the program to a remote machine via a socket or network connection.
            In this case system data or debugging information is produced by and leaked by in vendor/dompdf/dompdf/lib/html5lib/TreeBuilder.php line 3368

            See PDF for full details

              Attachments

                Activity

                  People

                  • Assignee:
                    mlutfy Mathieu Lutfy
                    Reporter:
                    xurizaemon Chris Burgess
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    3 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: