Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1ybXYyLThqamMtMjN4d84ABBy0
TCPDF Local File Inclusion vulnerability
A Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through the src tag, potentially exposing sensitive information.
Permalink: https://github.com/advisories/GHSA-rmv2-8jjc-23xw
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1ybXYyLThqamMtMjN4d84ABBy0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 14 days ago
Updated: 14 days ago
CVSS Score: 6.2
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Percentage: 0.00045
EPSS Percentile: 0.17556
Identifiers: GHSA-rmv2-8jjc-23xw, CVE-2024-51058
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-51058
- https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
- https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058
- https://github.com/tecnickcom/TCPDF
- https://github.com/advisories/GHSA-rmv2-8jjc-23xw
Blast Radius: 23.4
Affected Packages
packagist:tecnickcom/tcpdf
Dependent packages: 431
Dependent repositories: 5,837
Downloads: 72,072,428 total
Affected Version Ranges: <= 6.7.5
Fixed in: 6.7.6
All affected versions: 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47, 6.0.48, 6.0.49, 6.0.50, 6.0.51, 6.0.52, 6.0.53, 6.0.54, 6.0.55, 6.0.56, 6.0.57, 6.0.58, 6.0.59, 6.0.60, 6.0.61, 6.0.62, 6.0.63, 6.0.64, 6.0.65, 6.0.66, 6.0.67, 6.0.68, 6.0.69, 6.0.70, 6.0.71, 6.0.72, 6.0.73, 6.0.74, 6.0.75, 6.0.76, 6.0.77, 6.0.78, 6.0.79, 6.0.80, 6.0.81, 6.0.82, 6.0.83, 6.0.84, 6.0.85, 6.0.86, 6.0.87, 6.0.88, 6.0.89, 6.0.90, 6.0.91, 6.0.92, 6.0.93, 6.0.94, 6.0.95, 6.0.96, 6.0.97, 6.0.98, 6.0.99, 6.1.0, 6.1.1, 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.16, 6.2.17, 6.2.19, 6.2.20, 6.2.21, 6.2.22, 6.2.23, 6.2.25, 6.2.26, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.5.0, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.7.0, 6.7.1, 6.7.2, 6.7.3, 6.7.4, 6.7.5
All unaffected versions: 6.7.6, 6.7.7