The "dompdf" library has a vulnerability which allows remote code execution. It may be exploited by some backend users.
CiviCRM version 5.58.0 (and earlier), 5.57.3 (and earlier)
CiviCRM version 5.58.1, 5.57.4 (ESR)
Upgrade to the fixed version of CiviCRM
Alternatively, if you cannot upgrade CiviCRM, you MAY be able to manually upgrade dompdf (on Drupal 8/9). In your site-root, download the secure version:
composer require 'dompdf/dompdf:~2.0.3'
NOTE: This is useful as a short-term override. In the future, when you have a chance to update CiviCRM, you will need to edit
composer.json and remove this override.