dompdf up to 1.x file inclusion

EntryHistoryDiffjsonxmlCTI

A vulnerability was found in dompdf up to 1.x and classified as problematic. Affected by this issue is an unknown functionality. Upgrading to version 2.0.0 eliminates this vulnerability. Applying the patch 99aeec1efec9213e87098d42eb09439e7ee0bb6a is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.

Field	07/19/2022 11:18 AM	08/06/2022 01:49 PM	08/06/2022 01:55 PM
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_e	X	X	X
cvss3_cna_basescore	5.3	5.3	5.3
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.4	4.4	4.4
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	5.1	5.1	5.1
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	5.2	5.2	5.2
price_0day	$0-$5k	$0-$5k	$0-$5k
name	dompdf	dompdf	dompdf
version	<=1.x	<=1.x	<=1.x
cwe	73 (file inclusion)	73 (file inclusion)	73 (file inclusion)
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
cvss3_cna_av	N	N	N
cvss3_cna_ac	L	L	L
cvss3_cna_pr	N	N	N
cvss3_cna_ui	N	N	N
cvss3_cna_s	U	U	U
cvss3_cna_c	L	L	L
cvss3_cna_i	N	N	N
cvss3_cna_a	N	N	N
url	https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a	https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a	https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
name	Upgrade	Upgrade	Upgrade
upgrade_version	2.0.0	2.0.0	2.0.0
patch_name	99aeec1efec9213e87098d42eb09439e7ee0bb6a	99aeec1efec9213e87098d42eb09439e7ee0bb6a	99aeec1efec9213e87098d42eb09439e7ee0bb6a
patch_url	https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a	https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a	https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
cve	CVE-2022-2400	CVE-2022-2400	CVE-2022-2400
cve_assigned	1657749600 (07/14/2022)	1657749600 (07/14/2022)	1657749600 (07/14/2022)
cve_cna	huntr.dev	huntr.dev	huntr.dev
cve_nvd_summary	External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.	External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.	External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.
date	1658181600 (07/19/2022)	1658181600 (07/19/2022)	1658181600 (07/19/2022)
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
identifier		99aeec1efec9213e87098d42eb09439e7ee0bb6a	99aeec1efec9213e87098d42eb09439e7ee0bb6a
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			L
cvss3_nvd_i			N
cvss3_nvd_a			N
cvss3_nvd_basescore			5.3

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!