tecnickcom/tcpdf Security Advisories for 6.0.075 (8)
- [MEDIUM] TCPDF has incorrect comparison
  PKSA-wb9y-hg45-chz4 CVE-2024-56522 GHSA-w95c-7994-ghpr
  Affected version: <6.8.0
  Reported by: GitHub
- [MEDIUM] TCPDF missing character escape on error messages
  PKSA-ys59-hzk7-wxt5 CVE-2024-56527 GHSA-qx95-cwh6-9mvq
  Affected version: <6.8.0
  Reported by: GitHub
- [MEDIUM] TCPDF lacks SVG sanitization
  PKSA-tdkc-7xrw-d14c CVE-2024-56519 GHSA-4p8j-vhjm-6pvw
  Affected version: <6.8.0
  Reported by: GitHub
- [HIGH] TCPDF missing certificate validation
  PKSA-98jj-zbnk-dgwp CVE-2024-56521 GHSA-9mgx-552f-59p6
  Affected version: <6.8.0
  Reported by: GitHub
- [MEDIUM] TCPDF Local File Inclusion vulnerability
  PKSA-62dz-rc7r-pb8r CVE-2024-51058 GHSA-rmv2-8jjc-23xw
  Affected version: <=6.7.5
  Reported by: GitHub
- [MEDIUM] TCPDF vulnerable to Regular Expression Denial of Service
  PKSA-jwjn-w3mx-tq38 CVE-2024-22640 GHSA-mx3p-fhpw-x6rv
  Affected version: <=6.7.4
  Reported by: GitHub
- [MEDIUM] TCPDF Cross-site Scripting vulnerability
  PKSA-d3g2-dzgm-n74r CVE-2024-32489 GHSA-g9wg-98c2-qv3v
  Affected version: <6.7.4
  Reported by: GitHub
- [CRITICAL] Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
  PKSA-jvj8-gbfh-v875 CVE-2018-17057 GHSA-5hw4-m7f3-hhx8
  Affected version: <6.2.22
  Reported by: GitHub, FriendsOfPHP/security-advisories