SB2023021614 - Multiple vulnerabilities in Dompdf

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-0085)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

2) External Control of File Name or Path (CVE-ID: CVE-2022-2400)

The vulnerability allows a remote attacker to view arbitrary images on the system.

The vulnerability exists due to application allows an attacker to control path of the files to include into the generated PDF output. A remote attacker can pass a specially crafted path to the application and include arbitrary images from the server into the resulting PDF file.

Remediation

Install update from vendor's website.

References

• https://github.com/dompdf/dompdf/commit/bb1ef65011a14730b7cfbe73506b4bb8a03704bd
• https://huntr.dev/bounties/73dbcc78-5ba9-492f-9133-13bbc9f31236
• https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
• https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a