Platform
other
Component
invoiceshelf
Fixed version
2.2.1
A Server-Side Request Forgery (SSRF) vulnerability has been identified in InvoiceShelf, an open-source web and mobile application for expense and invoice management. Versions prior to 2.2.0 pass user-supplied HTML from the invoice Notes field to the Dompdf rendering library without sanitization. When Dompdf renders the PDF it resolves the resource references in that HTML, so a reference to an attacker-chosen URL causes the InvoiceShelf server, not the viewer's browser, to fetch it. A patch addressing this issue is available in version 2.2.0.
Because the fetch originates from the application server, an attacker who can set the Notes field can make InvoiceShelf issue requests to hosts the server can reach but the attacker cannot: internal HTTP services, cloud instance metadata endpoints, or other systems on the hosting network. The consequences range from confirming which internal hosts exist, to data exfiltration where the fetched content or an error describing it surfaces in the generated PDF, to remote code execution only where the targeted internal service is itself vulnerable to the request the server is made to send. The impact therefore scales with what the InvoiceShelf host is allowed to reach on the network. Because the PDF is rendered both on the preview endpoint and when an invoice is delivered by email, there is more than one path by which the request can be triggered.
This vulnerability was publicly disclosed on 2026-03-31. There is currently no indication of active exploitation campaigns targeting InvoiceShelf, and no KEV listing is currently available. Exploitation requires only the ability to write HTML into an invoice Notes field, so the low complexity makes internet-exposed instances an attractive target for opportunistic attackers.
Organizations running an unpatched InvoiceShelf for expense and invoice management are at risk. Exposure is highest where the application host can reach internal services or cloud metadata endpoints, where several users or external parties can edit invoice notes, or where the instance is reachable from the internet. The vulnerable code path is the server-side PDF rendering, so a sanitizing WAF in front of the application reduces but does not eliminate exposure; only the 2.2.0 fix addresses the rendering path itself.
• linux / server:
journalctl -u invoiceshelf | grep -iE 'dompdf|remote resource'
• generic web:
curl -I 'https://<invoiceshelf_url>/pdf/preview?invoice_id=<invoice_id>&notes=<malicious_html>' | grep 'Location:'
Caveats: the service unit name, log strings and query parameters above are placeholders; this page does not document InvoiceShelf's log format or its route parameters, and the application may log to its own files rather than the journal. A HEAD request and its Location header cannot show whether the server fetched anything. To observe the SSRF, place a reference to a URL on a host you control in the Notes field and watch that host for the incoming request when the PDF is previewed or emailed.
Disclosure
Exploitation status
EPSS
0.03% (10th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34367 is to upgrade InvoiceShelf to version 2.2.0 or later, which includes a fix for the SSRF vulnerability. If upgrading is not immediately feasible, a Web Application Firewall (WAF) rule that rejects or strips HTML carrying external references in the invoice Notes field (URL-bearing attributes such as src and href, CSS url() and @import, and protocol-relative URLs) narrows the window, but it is a stopgap that a determined attacker may find a way around. Independently of input filtering, restrict outbound network access from the host running InvoiceShelf so that PDF rendering can reach only what it genuinely needs; this limits what any SSRF can be used for. After upgrading, confirm the fix by generating and emailing a PDF invoice whose Notes field references a URL on a host you control, and verifying that no request from the InvoiceShelf server arrives at that host.
Update InvoiceShelf to version 2.2.0 or later. This version fixes the SSRF vulnerability by sanitizing the HTML input in the invoice Notes field, which prevents the Dompdf library from fetching unwanted remote resources.
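The following Python is an added example, not code from InvoiceShelf or Dompdf, of the input-side control that the fix and the WAF workaround describe. It lists every remote-fetch vector in a Notes value (URL-bearing attributes, CSS url() and @import inside style attributes and style blocks, protocol-relative URLs, and PHP stream wrappers such as file and phar) and then re-serialises the notes keeping only a small allowlist of formatting tags with no attributes, so nothing is left for a renderer to fetch. The function names, the tag allowlist and the attacker.example sample data are assumptions made here for illustration.

```python
"""Pre-render gate for invoice Notes HTML: find and strip remote-fetch vectors.

Added example for this advisory; it is not InvoiceShelf or Dompdf code.  The
function names, ALLOWED_TAGS and the attacker.example sample data are
assumptions made here for illustration.
"""
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that an HTML-to-PDF renderer resolves as resource URLs.
URL_ATTRS = {"src", "href", "background", "poster", "data", "xlink:href"}

# CSS url(...) and @import are the other places markup can carry a URL.
CSS_URL_RE = re.compile(
    r"""url\(\s*['"]?([^'")\s]+)['"]?\s*\)|@import\s+['"]([^'"]+)['"]""", re.I)

# Schemes treated as a fetch.  http/https are the SSRF case; the PHP stream
# wrappers (file, phar) are included because Dompdf runs in PHP (assumption).
FETCH_SCHEMES = {"http", "https", "ftp", "ftps", "file", "phar", "gopher", "dict"}

# Formatting a Notes field legitimately needs.  No attributes survive, so
# there is nowhere left for a URL to live.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "ul", "ol", "li"}


def is_fetch_url(value: str) -> bool:
    """True if a renderer would treat the value as something to retrieve."""
    value = value.strip()
    if value.startswith("//"):            # protocol-relative: resolves to http(s)
        return True
    try:
        scheme = urlsplit(value).scheme
    except ValueError:                    # malformed URL: fail closed
        return True
    return scheme.lower() in FETCH_SCHEMES


class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for every remote reference in the markup."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[tuple[str, str, str]] = []
        self._in_style = False

    def handle_starttag(self, tag, attrs):      # HTMLParser lowercases tag/attr names
        for name, value in attrs:
            if value is None:
                continue
            if name in URL_ATTRS and is_fetch_url(value):
                self.findings.append((tag, name, value.strip()))
            elif name == "style":
                self._scan_css(tag, value)
        if tag == "style":
            self._in_style = True

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:                      # <style> bodies arrive as raw CDATA
            self._scan_css("style", data)

    def _scan_css(self, tag, css):
        for m in CSS_URL_RE.finditer(css):
            url = m.group(1) or m.group(2)
            if is_fetch_url(url):
                self.findings.append((tag, "css", url))


class NotesSanitizer(HTMLParser):
    """Re-serialises the markup keeping only ALLOWED_TAGS, with no attributes."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self._out: list[str] = []
        self._drop_depth = 0                    # >0 while inside <style>/<script>

    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._drop_depth += 1
        elif tag in ALLOWED_TAGS:
            self._out.append(f"<{tag}>")        # attributes deliberately dropped

    def handle_endtag(self, tag):
        if tag in ("style", "script"):
            self._drop_depth = max(0, self._drop_depth - 1)
        elif tag in ALLOWED_TAGS and tag != "br":
            self._out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._drop_depth:                # text is re-escaped on output
            self._out.append(escape(data, quote=False))

    def result(self) -> str:
        return "".join(self._out)


def find_remote_references(markup: str) -> list[tuple[str, str, str]]:
    finder = RemoteRefFinder()
    finder.feed(markup)
    finder.close()
    return finder.findings


def sanitize_notes(markup: str) -> str:
    cleaner = NotesSanitizer()
    cleaner.feed(markup)
    cleaner.close()
    return cleaner.result()


def prepare_notes_for_pdf(markup: str) -> tuple[str, list[tuple[str, str, str]]]:
    """Hypothetical hook to call before handing Notes to the renderer: returns
    the sanitized HTML plus what was found, so the attempt can be logged."""
    return sanitize_notes(markup), find_remote_references(markup)


# Constructed sample data for the example, not a captured payload.
HOSTILE_NOTES = (
    '<p style="background:url(\'http://attacker.example/bg.png\')">Thank you!</p>'
    '<img src="http://attacker.example/track.png">'
    '<a href="//attacker.example/">terms</a>'
    '<style>body { background: url("http://attacker.example/z.css") }</style>'
    '<img src="/images/logo.png">'
)
BENIGN_NOTES = "<p>Net 30 days.<br>Thanks &amp; regards</p>"

if __name__ == "__main__":
    clean, hits = prepare_notes_for_pdf(HOSTILE_NOTES)
    for tag, where, url in hits:
        print(f"blocked remote reference in <{tag}> via {where}: {url}")
    print("rendered notes:", clean)
```

The same find_remote_references() pass can be run over the Notes of invoices already stored in an unpatched instance to hunt for payloads that were injected before the upgrade. The complementary control on the renderer side is Dompdf's own isRemoteEnabled option: when a deployment's legitimate PDF output needs no remote resources, leaving that option off removes the fetch capability regardless of what reaches the library.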
CVE-2026-34367 is a Server-Side Request Forgery vulnerability in InvoiceShelf versions prior to 2.2.0, allowing attackers to trigger requests to arbitrary remote resources via unsanitized HTML in invoice notes.
You are affected if you are running an InvoiceShelf version prior to 2.2.0. Upgrade to 2.2.0 or later to resolve the vulnerability.
Upgrade InvoiceShelf to version 2.2.0 or later. As a temporary workaround, implement a WAF rule that filters HTML carrying external references in invoice notes, and restrict outbound network access from the application host.
There is currently no indication of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the InvoiceShelf project's official website and GitHub repository for updates and advisories related to CVE-2026-34367.