CVE-2021-20734 (Medium) detected in tecnickcom/tcpdf-6.4.1 - autoclosed
mend-bolt-for-github opened this issue · 1 comments
CVE-2021-20734 - Medium Severity Vulnerability
Vulnerable Library - tecnickcom/tcpdf-6.4.1
TCPDF is a PHP class for generating PDF documents and barcodes.
Library home page: https://api.github.com/repos/tecnickcom/TCPDF/zipball/5ba838befdb37ef06a16d9f716f35eb03cb1b329
Dependency Hierarchy:
- elibyy/tcpdf-laravel-8.1.2 (Root Library)
- ❌ tecnickcom/tcpdf-6.4.1 (Vulnerable Library)
Found in HEAD commit: 05d1ae30110c1c190ec1e984b7720a8b7f4b8c3d
Found in base branch: master
Vulnerability Details
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
Publish Date: 2021-06-22
URL: CVE-2021-20734
CVSS 3 Score Details (6.1)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20734
Release Date: 2021-06-22
Fix Resolution: 2.2.4
Step up your Open Source Security Game with WhiteSource here
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.