CVE-2022-2400

External Control of File Name or Path in dompdf/dompdf

CVSS 5.3 MEDIUMEPSS 0.9%CWE-73

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

dompdf · dompdf/dompdf

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a https://lists.debian.org/debian-lts-announce/2023/07/msg00017.html