Moderately critical Security Update - Multiple: Remote Code Execution, Information disclosure

Unsplash

This module enables you to generate print versions of content. Some installations of the module make use of the dompdf/dompdf third-party dependency.
Security vulnerabilities exist for versions of dompdf/dompdf < 2.0.0

This security advisory corresponds to a 3rd party vulnerability. Normally the Drupal Security Team would not issue advisories related to 3rd party code that is shipped separately from a module per our policy (most recent update is PSA-2019-09-04). In this case, because the module required a specific version and could not be updated without a change to the Drupal module we do issue an advisory.

Solution: 
Install the latest version (8.x-2.6) of this module and update dompdf/dompdf at the same time. It is recommended to use composer to do the update using commands similar to the following:

composer update drupal/entity_print
composer require dompdf/dompdf:~2 

Source:

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Advertisement Here

Call for Support