CVE-2022-2400
published 2022-07-18

CVE-2022-2400: External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

Priority: P4 27 medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS: 0.91% (55.6th percentile)

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| debian | php-dompdf | < php-dompdf 2.0.2+dfsg-1 (bookworm) | php-dompdf 2.0.2+dfsg-1 (bookworm) |
| dompdf | dompdf | >= 0 < 2.0.0 | 2.0.0 |
| dompdf | dompdf_dompdf | >= unspecified < 2.0.0 | 2.0.0 |
| dompdf_project | dompdf | < 2.0.0 | 2.0.0 |

CVSS provenance

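| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 6.5 | MEDIUM | |
| vendor_debian | | 5.3 | MEDIUM | |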