CVE-2021-20734 (Medium) detected in tecnickcom/tcpdf-6.4.1 - autoclosed

Question

CVE-2021-20734 (Medium) detected in tecnickcom/tcpdf-6.4.1 - autoclosed

mend-bolt-for-github opened this issue 3 years ago · 1 comments

mend-bolt-for-github commented 3 years ago

CVE-2021-20734 - Medium Severity Vulnerability

Vulnerable Library - tecnickcom/tcpdf-6.4.1

TCPDF is a PHP class for generating PDF documents and barcodes.

Library home page: https://api.github.com/repos/tecnickcom/TCPDF/zipball/5ba838befdb37ef06a16d9f716f35eb03cb1b329

Dependency Hierarchy:

elibyy/tcpdf-laravel-8.1.2 (Root Library)
- ❌ tecnickcom/tcpdf-6.4.1 (Vulnerable Library)

Found in HEAD commit: 05d1ae30110c1c190ec1e984b7720a8b7f4b8c3d

Found in base branch: master

Vulnerability Details

Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

Publish Date: 2021-06-22

URL: CVE-2021-20734

CVSS 3 Score Details (6.1)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20734

Release Date: 2021-06-22

Fix Resolution: 2.2.4

Step up your Open Source Security Game with WhiteSource here

Answer 1 · 2021-06-29T21:15:56.000Z

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.