CVE-2024-22641 #724

mmuehlenhoff · 2024-05-29T10:00:28Z

This appeared in the CVE feed, it doesn't seem like it was ever reported to you though?
https://github.com/zunak/CVE-2024-22641

williamdes · 2024-05-29T10:07:46Z

typo CVE in commit name

Ref: #712

carnil · 2024-05-29T20:46:25Z

Note, that there are two distinct reports:

williamdes · 2024-06-01T08:20:43Z

Thank you @carnil
What a mess, no upstream coordination

rbro · 2024-06-28T13:19:29Z

Has CVE-2024-22641 been fixed too, or is it still pending?

zolthan · 2024-08-07T19:33:38Z

Still no new version for fixing this issue?

glennmcewan · 2024-10-16T11:07:03Z

Is there any update on this please? We're also seeing that Snyk still complains about this as being an open CVE: https://security.snyk.io/vuln/SNYK-PHP-TECNICKCOMTCPDF-7165692

williamdes · 2024-10-26T11:35:41Z

@nicolaasuni can you address this one before the next release ?

nicolaasuni · 2024-10-26T12:44:00Z

This should be sorted now.
Can you please verify?

williamdes · 2024-10-26T18:11:41Z

williamdes mentioned this issue Aug 12, 2024

Apparent ReDoS vulnerability #738

Open

Provide feedback