ByteOS Network

NVD Vulnerability Details :

CVE-2022-2400

Modified

More Info Official Page

Source-security@huntr.dev

Published At-18 Jul, 2022 | 15:15

Updated At-13 Jul, 2023 | 23:15

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Secondary	3.0	5.3	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Primary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.0

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

dompdf_project>>dompdf>>Versions before 2.0.0(exclusive)

cpe:2.3:a:dompdf_project:dompdf:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-73	Primary	security@huntr.dev

CWE ID: CWE-73

Type: Primary

Source: security@huntr.dev

References

Hyperlink	Source	Resource
https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a	security@huntr.dev	Patch Third Party Advisory
https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a	security@huntr.dev	Exploit Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00017.html	security@huntr.dev	N/A

Hyperlink: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a

Source: security@huntr.dev

Resource:

Patch

Third Party Advisory

Hyperlink: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a

Source: security@huntr.dev

Resource:

Exploit

Issue Tracking

Patch

Third Party Advisory

Hyperlink: https://lists.debian.org/debian-lts-announce/2023/07/msg00017.html

Source: security@huntr.dev

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History