CVE-2024-51058: TCPDF Local File Inclusion vulnerability

November 26, 2024

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server’s file system through src tag, potentially exposing sensitive information.

References

github.com/advisories/GHSA-rmv2-8jjc-23xw
github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058
github.com/tecnickcom/TCPDF
github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
nvd.nist.gov/vuln/detail/CVE-2024-51058

Code Behaviors & Features

Detect and mitigate CVE-2024-51058 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →