CVE-2022-0085

Description

Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

How to fix CVE-2022-0085

To remediate CVE-2022-0085, upgrade the affected package to a fixed version below.

• Packagist/dompdf/dompdf—upgrade to 2.0.0 or later

Is CVE-2022-0085 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.0.0

CVSS scores

References (5)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0085
• PATCHgithub.com/dompdf/dompdf
• WEBgithub.com/dompdf/dompdf/commit/bb1ef65011a14730b7cfbe73506b4bb8a03704bd
• WEBgithub.com/FriendsOfPHP/security-advisories/blob/master/dompdf/dompdf/CVE-2022-0085.yaml