AIKIDO-2024-10399

tecnickcom/tcpdf is vulnerable to Path Traversal

46

Medium

tecnickcom/tcpdf php

AIKIDO-2024-10399: tecnickcom/tcpdf is vulnerable to Path Traversal in versions 2.0.000 - 6.7.5.

Path Traversal
Vuln in 2.0.000 - 6.7.5
Fixed in 6.7.6
No CVE available
TL;DR

Affected versions of this package are vulnerable to path traversal when handling image tags in the openHTMLTagHandler function.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

How can it be fixed?

Upgrade tecnickcom/tcpdf library to patch version.

Background info

Link to vendor website

Logo
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US