GHSA-g9wg-98c2-qv3v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g9wg-98c2-qv3v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-g9wg-98c2-qv3v/GHSA-g9wg-98c2-qv3v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g9wg-98c2-qv3v
- Aliases
- Published
- 2024-04-15T06:30:35Z
- Modified
- 2025-11-03T23:01:48.016737Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- TCPDF Cross-site Scripting vulnerability
- Details
-
TCPDF before 6.7.4 mishandles calls that use HTML syntax.
- Database specific
{ "severity": "MODERATE", "github_reviewed": true, "cwe_ids": [ "CWE-79", "CWE-80" ], "nvd_published_at": "2024-04-15T06:15:11Z", "github_reviewed_at": "2024-04-15T18:12:08Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-32489
- https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
- https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
- https://github.com/tecnickcom/TCPDF
- https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4
- https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
Affected packages
Packagist / tecnickcom/tcpdf
Package
- Name
- tecnickcom/tcpdf
- Purl
- pkg:composer/tecnickcom/tcpdf
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.7.4
Affected versions
6.*
6.0.013
6.0.014
6.0.015
6.0.016
6.0.017
6.0.018
6.0.019
6.0.020
6.0.021
6.0.022
6.0.023
6.0.024
6.0.025
6.0.026
6.0.027
6.0.028
6.0.029
6.0.030
6.0.031
6.0.032
6.0.033
6.0.034
6.0.035
6.0.036
6.0.037
6.0.038
6.0.039
6.0.040
6.0.041
6.0.042
6.0.043
6.0.044
6.0.045
6.0.046
6.0.047
6.0.048
6.0.049
6.0.050
6.0.051
6.0.052
6.0.053
6.0.054
6.0.055
6.0.056
6.0.057
6.0.058
6.0.059
6.0.060
6.0.061
6.0.062
6.0.063
6.0.064
6.0.065
6.0.066
6.0.067
6.0.068
6.0.069
6.0.070
6.0.071
6.0.072
6.0.073
6.0.074
6.0.075
6.0.076
6.0.077
6.0.078
6.0.079
6.0.080
6.0.081
6.0.082
6.0.083
6.0.084
6.0.085
6.0.086
6.0.087
6.0.088
6.0.089
6.0.090
6.0.091
6.0.092
6.0.093
6.0.094
6.0.095
6.0.096
6.0.097
6.0.098
6.0.099
6.1.0
6.1.1
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.2.8
6.2.9
6.2.10
6.2.11
6.2.12
6.2.13
6.2.16
6.2.17
6.2.19
6.2.20
6.2.21
6.2.22
6.2.23
6.2.25
6.2.26
6.3.0
6.3.1
6.3.2
6.3.3
6.3.4
6.3.5
6.4.1
6.4.2
6.4.3
6.4.4
6.5.0
6.6.0
6.6.1
6.6.2