{"id":"CVE-2018-19047","details":"mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '\u003cimg src=\"http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating \"If you allow users to pass HTML without sanitising it, you're asking for trouble.\"","modified":"2026-03-14T09:28:46.465504Z","published":"2018-11-07T05:29:00.297Z","references":[{"type":"EVIDENCE","url":"https://github.com/mpdf/mpdf/issues/867"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mpdf/mpdf","events":[{"introduced":"0"},{"last_affected":"ef5d8cf2c63def40fb76fc0a9e286721cb4dffcd"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"7.1.6"}]}}],"versions":["7.0.2","v5.3.0","v5.4.0","v5.5.0","v5.5.1","v5.6.1","v5.7.0","v5.7.1","v5.7.2","v5.7.3","v5.7.3a","v5.7.4","v5.7.4a","v6.0-beta","v6.0.0","v6.1.0","v6.1.1","v6.1.2","v6.1.3","v7.0.0","v7.0.0-RC1","v7.0.0-RC2","v7.0.0-RC3","v7.0.0-RC4","v7.0.0-beta1","v7.0.0-beta2","v7.0.1","v7.0.3","v7.1.0","v7.1.1","v7.1.2","v7.1.3","v7.1.4","v7.1.5","v7.1.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19047.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}