Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
TCPDF before 6.7.4 mishandles calls that use HTML syntax.
Permalink: https://github.com/advisories/GHSA-g9wg-98c2-qv3v
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 8 months ago
Updated: 3 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-g9wg-98c2-qv3v, CVE-2024-32489
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-32489
- https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
- https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
- https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4
- https://github.com/advisories/GHSA-g9wg-98c2-qv3v
Blast Radius: 23.0
Affected Packages
packagist:tecnickcom/tcpdf
Dependent packages: 431
Dependent repositories: 5,837
Downloads: 71,512,639 total
Affected Version Ranges: < 6.7.4
Fixed in: 6.7.4
All affected versions: 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47, 6.0.48, 6.0.49, 6.0.50, 6.0.51, 6.0.52, 6.0.53, 6.0.54, 6.0.55, 6.0.56, 6.0.57, 6.0.58, 6.0.59, 6.0.60, 6.0.61, 6.0.62, 6.0.63, 6.0.64, 6.0.65, 6.0.66, 6.0.67, 6.0.68, 6.0.69, 6.0.70, 6.0.71, 6.0.72, 6.0.73, 6.0.74, 6.0.75, 6.0.76, 6.0.77, 6.0.78, 6.0.79, 6.0.80, 6.0.81, 6.0.82, 6.0.83, 6.0.84, 6.0.85, 6.0.86, 6.0.87, 6.0.88, 6.0.89, 6.0.90, 6.0.91, 6.0.92, 6.0.93, 6.0.94, 6.0.95, 6.0.96, 6.0.97, 6.0.98, 6.0.99, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.16, 6.2.17, 6.2.19, 6.2.20, 6.2.21, 6.2.22, 6.2.23, 6.2.25, 6.2.26, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.5.0, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.7.0, 6.7.1, 6.7.2, 6.7.3
All unaffected versions: 6.7.4, 6.7.5, 6.7.6, 6.7.7