dompdf up to 1.x file inclusion

A vulnerability classified as problematic was found in dompdf up to 1.x. The affected functionality is unknown. Upgrading to version 2.0.0 eliminates this vulnerability. Applying the patch 99aeec1efec9213e87098d42eb09439e7ee0bb6a also eliminates the problem. The bugfix is available for download at github.com. The recommended mitigation is to upgrade to the latest version.

| Field | 07/19/2022 11:18 AM | 08/06/2022 01:49 PM | 08/06/2022 01:55 PM |
|---|---|---|---|
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_cna_basescore | 5.3 | 5.3 | 5.3 |
| cvss2_vuldb_basescore | 5.0 | 5.0 | 5.0 |
| cvss2_vuldb_tempscore | 4.4 | 4.4 | 4.4 |
| cvss3_vuldb_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_vuldb_tempscore | 5.1 | 5.1 | 5.1 |
| cvss3_meta_basescore | 5.3 | 5.3 | 5.3 |
| cvss3_meta_tempscore | 5.2 | 5.2 | 5.2 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | dompdf | dompdf | dompdf |
| version | <=1.x | <=1.x | <=1.x |
| cwe | 73 (file inclusion) | 73 (file inclusion) | 73 (file inclusion) |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| cvss3_cna_av | N | N | N |
| cvss3_cna_ac | L | L | L |
| cvss3_cna_pr | N | N | N |
| cvss3_cna_ui | N | N | N |
| cvss3_cna_s | U | U | U |
| cvss3_cna_c | L | L | L |
| cvss3_cna_i | N | N | N |
| cvss3_cna_a | N | N | N |
| url | https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a | https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a | https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 2.0.0 | 2.0.0 | 2.0.0 |
| patch_name | 99aeec1efec9213e87098d42eb09439e7ee0bb6a | 99aeec1efec9213e87098d42eb09439e7ee0bb6a | 99aeec1efec9213e87098d42eb09439e7ee0bb6a |
| patch_url | https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a | https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a | https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a |
| cve | CVE-2022-2400 | CVE-2022-2400 | CVE-2022-2400 |
| cve_assigned | 1657749600 (07/14/2022) | 1657749600 (07/14/2022) | 1657749600 (07/14/2022) |
| cve_cna | huntr.dev | huntr.dev | huntr.dev |
| cve_nvd_summary | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. |
| date | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) | 1658181600 (07/19/2022) |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| identifier | | 99aeec1efec9213e87098d42eb09439e7ee0bb6a | 99aeec1efec9213e87098d42eb09439e7ee0bb6a |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | L |
| cvss3_nvd_i | | | N |
| cvss3_nvd_a | | | N |
| cvss3_nvd_basescore | | | 5.3 |
