CVE-2018-17057

Опубликовано: 14 сент. 2018

Источник: debian

EPSS Средний

Описание

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Пакет	Статус	Версия исправления	Релиз	Тип
tcpdf	fixed	6.2.26+dfsg-1		package
tcpdf	no-dsa		stretch	package
tcpdf	ignored		jessie	package

https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26e
Was considered minor for jessie since arbitrary deserialization
is still possible using http and https.

EPSS

Процентиль: 98%

0.51836

Средний

CVE-2018-17057

CVSS3: 9.8

ubuntu

больше 7 лет назад

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

CVE-2018-17057

CVSS3: 9.8

nvd

больше 7 лет назад

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

GHSA-5hw4-m7f3-hhx8

CVSS3: 9.8

github

больше 3 лет назад

TCPDF vulnerable to attackers triggering deserialization of arbitrary data

EPSS

Процентиль: 98%

0.51836

Средний