registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| dompdf/dompdf(Packagist) | 0 | 2.0.1 | N/A |
CVSS Metrics
