CVE-2024-56521

Опубликовано: 27 дек. 2024

Источник: debian

EPSS Низкий

Описание

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

Пакет	Статус	Версия исправления	Релиз	Тип
tcpdf	fixed	6.8.0+dfsg-1		package
tcpdf	no-dsa		bookworm	package
tcpdf	postponed		bullseye	package

Fixed by: https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554 (6.8.0)

EPSS

Процентиль: 40%

0.00186

Низкий

CVE-2024-56521

CVSS3: 9.8

ubuntu

около 1 года назад

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

CVE-2024-56521

CVSS3: 9.8

nvd

около 1 года назад

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.

GHSA-9mgx-552f-59p6

github

около 1 года назад

TCPDF missing certificate validation

EPSS

Процентиль: 40%

0.00186

Низкий