Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
friendsofphpOpenJS FoundationFRIENDSOFPHP:DOMPDF:DOMPDF:CVE-2022-41343
HistorySep 22, 2022 - 1:54 p.m.

Remote file inclusion

2022-09-2213:54:00
OpenJS Foundation
github.com
3
dompdf
fontmetrics
remote file inclusion
cve-2022-41343

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON

Description registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule. References https://nvd.nist.gov/vuln/detail/CVE-2022-41343 dompdf/dompdf#2994 dompdf/dompdf#2995 https://github.com/dompdf/dompdf/releases/tag/v2.0.1 dompdf/dompdf@66431c5 https://github.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2022-41343.yaml GHSA-6x28-7h8c-chx4 https://tantosec.com/blog/cve-2022-41343/

Affected configurations

Vulners
Node
dompdfdompdfRange<2.0.1
CPENameOperatorVersion
dompdf/dompdflt2.0.1

Related

cve 1
osv 2
veracode 1
githubexploit 1
ubuntucve 1
github 1
debiancve 1
cvelist 1
nvd 1
prion 1
cve
cve
CVE-2022-41343
2022-09-25 19:15:09
osv
osv
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
2022-09-26 00:00:23
CVE-2022-41343
2022-09-25 19:15:09
veracode
veracode
Remote Code Execution (RCE)
2022-09-27 05:16:03
githubexploit
githubexploit
Exploit for Files or Directories Accessible to External Parties in Dompdf Project Dompdf
2023-02-15 23:17:55
ubuntucve
ubuntucve
CVE-2022-41343
2022-09-25 00:00:00
github
github
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
2022-09-26 00:00:23
debiancve
debiancve
CVE-2022-41343
2022-09-25 19:15:09
cvelist
cvelist
CVE-2022-41343
2022-09-25 00:00:00
nvd
nvd
CVE-2022-41343
2022-09-25 19:15:09
prion
prion
Remote file inclusion
2022-09-25 19:15:00

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.9%

JSON
Related for FRIENDSOFPHP:DOMPDF:DOMPDF:CVE-2022-41343
cve1osv2veracode1githubexploit1ubuntucve1github1debiancve1cvelist1nvd1prion1