


Perceptive Security
SOC/SIEM Consultancy

InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Se…
Published:
30 March 2026 at 22:00:00
Alert date:
31 March 2026 at 21:01:33
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
InvoiceShelf, an open-source web and mobile application for tracking expenses and creating invoices, contains a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 2.2.0. The vulnerability exists in the Estimate PDF generation module where user-supplied HTML in the estimate Notes field is passed unsanitized to the Dompdf rendering library. This allows attackers to make the server fetch remote resources referenced in the markup. The vulnerability can be exploited through PDF preview and customer view endpoints regardless of email attachment settings. The issue has been patched in version 2.2.0.
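The fix this class of bug calls for is twofold: treat the Notes field as text rather than markup, and make sure the PDF library itself cannot reach the network. The PHP below is an added example using the public Dompdf API, not InvoiceShelf's or Dompdf's own code; the `{{notes}}` template placeholder, the asset directory path and the sample Notes value are constructed for illustration.

```php
<?php
// Added example: harden estimate PDF generation against SSRF via user HTML.
require 'vendor/autoload.php';

use Dompdf\Dompdf;
use Dompdf\Options;

/**
 * Render an estimate PDF so that nothing in $notes can make the server
 * fetch a remote resource: the field is escaped to plain text, and Dompdf
 * is configured to refuse remote URLs and to confine local file access.
 */
function renderEstimatePdf(string $notes, string $template, string $assetDir): string
{
    // Defence 1: user input is displayed as text, never parsed as HTML.
    // Line breaks are preserved with nl2br after escaping, so the only tags
    // in the output are the ones we emit ourselves.
    $safeNotes = nl2br(htmlspecialchars($notes, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    $html = str_replace('{{notes}}', $safeNotes, $template);

    // Defence 2: even if markup slipped through, Dompdf must not fetch it.
    $options = new Options();
    $options->set('isRemoteEnabled', false);      // no http(s) fetches for img/css/fonts
    $options->set('chroot', $assetDir);           // file:// access limited to this directory
    $options->set('isPhpEnabled', false);         // no inline PHP in templates
    $options->set('isJavascriptEnabled', false);  // no PDF JavaScript

    $dompdf = new Dompdf($options);
    $dompdf->loadHtml($html, 'UTF-8');
    $dompdf->setPaper('A4');
    $dompdf->render();
    return $dompdf->output();
}

// Constructed sample input: markup a user might place in the Notes field.
$notes = "Thanks for your business!\n<img src=\"http://example.invalid/pixel.png\">";
$template = '<html><body><h1>Estimate</h1><div class="notes">{{notes}}</div></body></html>';

$pdf = renderEstimatePdf($notes, $template, __DIR__ . '/public/pdf-assets');
file_put_contents('estimate.pdf', $pdf);
// The rendered PDF shows the <img ...> text literally; no request leaves the server.
```

Both controls are needed: escaping alone fails if another code path builds HTML from the same data, and the Dompdf settings alone still let hostile markup break the layout.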
Technical details:
Mitigation steps:
Affected products:
InvoiceShelf
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-34365
https://github.com/InvoiceShelf/InvoiceShelf/releases/tag/2.2.0
https://github.com/InvoiceShelf/InvoiceShelf/security/advisories/GHSA-pc5v-8xwc-v9xq
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
