CVE-2024-56527: TCPDF missing character escape on error messages

December 27, 2024

An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.

References

andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add
github.com/advisories/GHSA-qx95-cwh6-9mvq
github.com/tecnickcom/TCPDF
github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
nvd.nist.gov/vuln/detail/CVE-2024-56527
tcpdf.org/

Detect and mitigate CVE-2024-56527 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →