Platform: other
Component: invoiceshelf
Fixed in: 2.2.1
A Server-Side Request Forgery (SSRF) vulnerability has been identified in InvoiceShelf, an open-source expense and invoice tracking application. This flaw, present in versions prior to 2.2.0, allows attackers to trigger the application to fetch arbitrary remote resources. The vulnerability is directly exploitable through the PDF receipt endpoint and impacts users who utilize this feature, regardless of email attachment settings. A patch is available in version 2.2.0.
The SSRF vulnerability in InvoiceShelf allows an attacker to leverage the application to make requests to internal or external resources that the application itself has access to. By injecting malicious HTML into the payment notes field, an attacker can manipulate the Dompdf library to fetch arbitrary URLs. This could lead to the exposure of sensitive internal data, unauthorized access to internal services, or even the potential for remote code execution if the fetched resources are processed further by the application. The lack of sanitization makes this vulnerability relatively easy to exploit.
This vulnerability was publicly disclosed on 2026-03-31. No public proof-of-concept exploits have been identified at the time of writing. The vulnerability's ease of exploitation, combined with InvoiceShelf's open-source nature and potential for widespread deployment, suggests a medium probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations and individuals using InvoiceShelf versions prior to 2.2.0, particularly those who rely on the PDF receipt generation feature for payment processing, are at risk. Shared hosting environments where multiple users share the same InvoiceShelf instance are especially vulnerable, as an attacker could potentially exploit the vulnerability through another user's account.
• linux / server:
journalctl -u invoiceshelf | grep -i "dompdf"
• generic web:
curl -I 'https://<invoiceShelf_URL>/receipt.pdf?notes=<malicious_html>' | grep 'Server:'
Disclosure
Exploit status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34366 is to upgrade InvoiceShelf to version 2.2.0 or later, which includes the necessary fix. If upgrading immediately is not feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing suspicious HTML in the payment notes field. Additionally, restrict network access to the InvoiceShelf server to only allow necessary outbound connections. Monitor application logs for unusual outbound requests originating from the PDF receipt endpoint. After upgrading, confirm the fix by attempting to generate a PDF receipt with malicious HTML in the notes field; the request should be rejected.
Update InvoiceShelf to version 2.2.0 or later. This version fixes the SSRF vulnerability by sanitizing the HTML input in the payment notes field.
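The two defensive layers the advisory describes, escaping the notes field before it reaches the receipt template and configuring Dompdf so it cannot fetch remote resources, shown as an added example; this is not InvoiceShelf's own code, and the function names, template and asset directory are assumptions.

```php
<?php
// Added example (not InvoiceShelf's code): hardened receipt rendering.
// Layer 1: the notes field is escaped before it is placed in the HTML template.
// Layer 2: Dompdf is configured so that markup which does slip through cannot
// trigger outbound requests. renderReceiptPdf() and the template are hypothetical.
require 'vendor/autoload.php';

use Dompdf\Dompdf;
use Dompdf\Options;

function hardenedDompdfOptions(string $assetDir): Options
{
    $options = new Options();
    // The weak setting behind the SSRF: with isRemoteEnabled => true, an
    // <img src="http://..."> or <link href="..."> in the document makes Dompdf
    // fetch that URL from the server. Disable remote fetching entirely.
    $options->set('isRemoteEnabled', false);
    // Do not evaluate embedded PHP in the document.
    $options->set('isPhpEnabled', false);
    // Confine local file access (fonts, images) to the application's asset directory.
    $options->set('chroot', $assetDir);
    return $options;
}

function renderReceiptPdf(string $notes, string $assetDir): string
{
    // Escape user input so any tags in the notes field render as literal text.
    $safeNotes = htmlspecialchars($notes, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $html = '<html><body><h1>Payment receipt</h1>'
          . '<p>Notes: ' . nl2br($safeNotes) . '</p></body></html>';

    $dompdf = new Dompdf(hardenedDompdfOptions($assetDir));
    $dompdf->loadHtml($html, 'UTF-8');
    $dompdf->setPaper('A4');
    $dompdf->render();
    return $dompdf->output();
}

// Constructed sample input of the kind the advisory describes: HTML in the notes
// field that references a remote resource. With the settings above it is rendered
// as text and no request leaves the server.
$notes = 'Paid in full <img src="http://internal-host.example/resource">';
file_put_contents('receipt.pdf', renderReceiptPdf($notes, __DIR__ . '/public'));
```

Monitoring the server for outbound connections while generating a receipt from such input is a practical way to confirm that the remote-fetch path is closed.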
CVE-2026-34366 is a Server-Side Request Forgery (SSRF) vulnerability affecting InvoiceShelf versions 2.2.0 and earlier. It allows attackers to make requests to arbitrary URLs through the application's PDF receipt generation module.
You are affected if you are using InvoiceShelf version 2.2.0 or earlier. Upgrade to version 2.2.0 to resolve the vulnerability.
Upgrade InvoiceShelf to version 2.2.0 or later. As a temporary workaround, implement a WAF rule to block suspicious HTML in the payment notes field.
No active exploitation has been confirmed at this time, but the vulnerability's ease of exploitation warrants caution.
Refer to the InvoiceShelf project's official website and GitHub repository for the latest security advisories and updates.