CVE-2024-56521
CVSS 3.1 Score 9.8 of 10 (high)
Details
Published Dec 27, 2024
Updated: Dec 31, 2024
CWE ID 295
Summary
CVE-2024-56521 is a newly identified vulnerability in TCPDF before version 6.8.0. This issue arises when using libcurl in an unsafe manner. Specifically, if CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are not correctly configured, the SSL certificate verification process can be bypassed, potentially leading to man-in-the-middle attacks or data theft. The consequences of this vulnerability depend on the specific context of its exploitation, underscoring the importance of securely configuring SSL options when using TCPDF with libcurl.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share