Miggo Logo

CVE-2022-2400: Dompdf before v2.0.0 vulnerable to chroot check bypass

5.3

CVSS Score
3.1

Basic Information

EPSS Score
0.46477%
Published
7/19/2022
Updated
7/14/2023
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
dompdf/dompdfcomposer< 2.0.02.0.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stemmed from improper URI validation and chroot checks in multiple file handling functions. The pre-patch implementations used realpath() and string position checks that could be bypassed through path manipulation. The commit 99aeec1 replaced these checks with protocol-based validation rules, indicating the original functions were vulnerable to External Control of File Path (CWE-73). The affected functions were directly involved in resource loading and had insecure path validation mechanisms prior to the patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*omp** prior to v*rsion *.*.* is vuln*r**l* to * **root ****k *yp*ss, w*i** *oul* **us* *is*losur* o* pn* *n* jp** *il*s.

Reasoning

T** vuln*r**ility st*mm** *rom improp*r URI `v*li**tion` *n* **root ****ks in multipl* *il* **n*lin* `*un*tions`. T** pr*-p*t** impl*m*nt*tions us** `r**lp*t*()` *n* strin* position ****ks t**t *oul* ** *yp*ss** t*rou** p*t* m*nipul*tion. T** *ommit