{"vulnerability": "cve-2022-41343", "sightings": [{"uuid": "f86b412b-bb4d-4653-a4d1-657ba3ab9674", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41343", "type": "seen", "source": "https://t.me/cibsecurity/50457", "content": "\u203c CVE-2022-41343 \u203c\n\nregisterFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-25T22:21:21.000000Z"}, {"uuid": "2292bac8-ceac-4da0-aa3c-d0f9aa1f4a10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41343", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/171", "content": "Top Security News for 07/10/2022\n\nDetails Released for Recently Patched new macOS Archive Utility Vulnerability\nhttps://thehackernews.com/2022/10/details-released-for-recently-patched.html \n\nNetWalker Ransomware Scumbag Jailed For 20 Years\nhttps://packetstormsecurity.com/news/view/33919/NetWalker-Ransomware-Scumbag-Jailed-For-20-Years.html \n\nISC StormCast for Friday, October 7th, 2022\nhttps://isc.sans.edu/podcastdetail.html?id=8204 \n\nGovernment considers centralising digital ID verification on myGov in wake of Optus breach\nhttps://www.theguardian.com/technology/2022/oct/07/government-considers-centralising-digital-id-verification-on-mygov-in-wake-of-optus-breach \n\nCVE-2022-41343 - RCE via Phar Deserialisation (Dompdf)\nhttps://www.reddit.com/r/netsec/comments/xwyf9o/cve202241343_rce_via_phar_deserialisation_dompdf/ \n\nFully loaded: testing vulnerable PyYAML versions\nhttps://www.reddit.com/r/netsec/comments/xxc2aa/fully_loaded_testing_vulnerable_pyyaml_versions/ \n\nDashlane launches new Dark Web Insights tool, MFA authenticator app, small biz Starter plan\nhttps://www.csoonline.com/article/3675559/dashlane-launches-new-dark-web-insights-tool-mfa-authenticator-app-small-biz-starter-plan.html#tk.rss_all \n\nFormer Uber Security Chief Found Guilty of Data Breach Coverup\nhttps://thehackernews.com/2022/10/former-uber-security-chief-found-guilty.html \n\nTransUnion taps behavioral analytics to aid fraud detection, curb false positives\nhttps://www.csoonline.com/article/3675955/transunion-taps-behavioral-analytics-to-aid-fraud-detection-curb-false-positives.html#tk.rss_all \n\nRansomware review: September 2022\nhttps://www.malwarebytes.com/blog/threat-intelligence/2022/10/ransomware-review-september-2022 \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2022-10-07T07:00:05.000000Z"}, {"uuid": "f3e4378b-5233-4846-b986-0d2282b4c8c4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41343", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/6562", "content": "CVE-2022-41343 - RCE via Phar Deserialisation (Dompdf) \n\nhttps://tantosec.com/blog/cve-2022-41343/", "creation_timestamp": "2022-10-06T13:31:23.000000Z"}, {"uuid": "a6479866-efcc-46f8-954c-61b5beb4ac1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-41343", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6936", "content": "#exploit\n1. CVE-2022-41343:\nRCE via Phar Deserialisation\nhttps://tantosec.com/blog/cve-2022-41343\n\n2. CVE-2021-29156:\nForgeRock OpenAM - LDAP injection via the Webfinger protocol\nhttps://github.com/5amu/CVE-2021-29156", "creation_timestamp": "2022-10-08T13:12:01.000000Z"}]}