Server-Side Request Forgery (SSRF) in dompdf/dompdf
CVE-2022-0085

3.7LOW

Key Information:

Vendor: DomPDF
Status: DomPDF/domPDF
Vendor: CVE Published:; 28 June 2022

🔔 Create DomPDF Vulnerability Alert

What is CVE-2022-0085?

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

Affected Version(s)

dompdf/dompdf < 2.0.0

References

https://huntr.dev/bounties/73dbcc78-5ba9-492f-9133-13bbc9...

x_refsource_CONFIRM

https://github.com/dompdf/dompdf/commit/bb1ef65011a14730b...

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2022
Vulnerability Reserved
Jan 3, 2022

.

CVE-2022-0085 : Server-Side Request Forgery (SSRF) in dompdf/dompdf