GHSA-g9wg-98c2-qv3v
Source
https://github.com/advisories/GHSA-g9wg-98c2-qv3v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-g9wg-98c2-qv3v/GHSA-g9wg-98c2-qv3v.json
Aliases
CVE-2024-32489
Published
2024-04-15T06:30:35Z
Modified
2024-04-15T18:43:52.534156Z
Summary
TCPDF Cross-site Scripting vulnerability
Details
TCPDF before 6.7.4 mishandles calls that use HTML syntax.
References
https://nvd.nist.gov/vuln/detail/CVE-2024-32489
https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
https://github.com/tecnickcom/TCPDF
https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4
Affected packages
Packagist / tecnickcom/tcpdf
Package
Name
tecnickcom/tcpdf
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
The exact introduced commit is unknown
Fixed
6.7.4
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.20
6.2.21
6.2.22
6.2.23
6.2.25
6.2.26
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
6.6.1
6.6.2
6.6.5
6.7.2
6.7.3