An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious <link> tag in the converted HTML document.
{ "nvd_published_at": "2022-01-18T12:15:00Z", "github_reviewed_at": "2022-01-19T22:40:38Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-79", "CWE-918" ] }