CVE-2022-0085: Server-Side Request Forgery (SSRF)
Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0.

dompdf uses file_get_contents() to fetch remote HTTP resources when allow_url_fopen is On. With a default stream context, file_get_contents() transparently follows HTTP redirects, including a 302 response (the http stream wrapper's follow_location option defaults to 1). When a developer runs dompdf with isRemoteEnabled set to true and allow_url_fopen set to true, but restricts remote fetches with an IP deny list, an attacker can supply a URL whose host passes the deny list while the server behind it answers with a 302 redirect to a restricted address. Because file_get_contents() follows that redirect without the destination ever being checked against the deny list, dompdf ends up requesting the restricted address, which is the SSRF.
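The following is an added example, not dompdf's own code, showing why a deny list applied only to the URL a caller hands in is bypassed by a redirect, and one way to close the gap: disable the http wrapper's automatic redirect following and re-apply the deny list to every hop before it is fetched. The function names (host_is_allowed, fetch_unsafe, fetch_safe), the IPv4-only resolution via gethostbynamel(), and the 5-hop limit are assumptions for illustration; it targets PHP 8 (union return types).

```php
<?php
// Added example, not dompdf code: deny-list check vs. PHP redirect following.
// host_is_allowed / fetch_unsafe / fetch_safe are hypothetical names.
declare(strict_types=1);

// Deny-list check on a host: reject IP literals or resolved addresses in
// private, loopback or reserved ranges. Assumption: IPv4 only (gethostbynamel()).
function host_is_allowed(string $host): bool
{
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return filter_var($host, FILTER_VALIDATE_IP, $flags) !== false;
    }
    $addrs = gethostbynamel($host);
    if ($addrs === false || $addrs === []) {
        return false; // unresolvable: fail closed
    }
    foreach ($addrs as $ip) {
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false; // any private/reserved answer rejects the host
        }
    }
    return true;
}

// The pattern the advisory describes: the deny list sees only the first URL.
// If that server answers "302 Location: http://127.0.0.1:8080/", the default
// stream context (follow_location=1) fetches the internal target unchecked.
function fetch_unsafe(string $url): string|false
{
    $host = parse_url($url, PHP_URL_HOST);
    if ($host === null || $host === false || !host_is_allowed($host)) {
        return false;
    }
    return file_get_contents($url); // follows redirects automatically
}

// Hardened variant: no automatic redirects; every hop is validated before
// it is requested, so the final destination is subject to the deny list too.
function fetch_safe(string $url, int $max_hops = 5): string|false
{
    $ctx = stream_context_create(['http' => [
        'follow_location' => 0,
        'timeout'         => 5,
    ]]);

    for ($hop = 0; $hop <= $max_hops; $hop++) {
        $parts = parse_url($url);
        if ($parts === false || !isset($parts['host'])
            || !in_array($parts['scheme'] ?? '', ['http', 'https'], true)
            || !host_is_allowed($parts['host'])) {
            return false;
        }

        $body = @file_get_contents($url, false, $ctx);
        if ($body === false) {
            return false; // 4xx/5xx or network error
        }

        // The http wrapper sets $http_response_header in the calling scope.
        $status = 0;
        $location = null;
        foreach ($http_response_header as $line) {
            if (preg_match('#^HTTP/\S+\s+(\d{3})#', $line, $m)) {
                $status = (int) $m[1];
            } elseif (preg_match('/^Location:\s*(.+)$/i', $line, $m)) {
                $location = trim($m[1]);
            }
        }

        if ($status < 300 || $status > 399) {
            return $body; // not a redirect: done
        }
        if ($location === null || $location === '') {
            return false;
        }
        // Resolve relative and protocol-relative Location values against the
        // current URL; an absolute Location may point at a different host,
        // which is exactly what the next loop iteration re-checks.
        if (str_starts_with($location, '//')) {
            $location = $parts['scheme'] . ':' . $location;
        } elseif (parse_url($location, PHP_URL_SCHEME) === null) {
            $base = $parts['scheme'] . '://' . $parts['host']
                  . (isset($parts['port']) ? ':' . $parts['port'] : '');
            $location = $base . ($location[0] === '/' ? '' : '/') . $location;
        }
        $url = $location;
    }
    return false; // too many redirects
}
```

Two caveats a practitioner should keep in mind. First, checking the resolved address in PHP and then letting the stream wrapper resolve it again at connect time is a time-of-check/time-of-use window (DNS rebinding); closing it fully means connecting to the validated IP yourself (for example with a socket or cURL's CURLOPT_RESOLVE) rather than re-resolving the hostname. Second, the same redirect problem applies to any fetcher that follows Location headers by default, so the fix belongs in the fetch layer, not in the deny list.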