Publish GHSA-mx3p-fhpw-x6rv

advisory-database[bot] · advisory-database[bot] · commit 36026967ab5a · 2025-11-04T16:14:08.000Z
diff --git a/advisories/github-reviewed/2024/04/GHSA-mx3p-fhpw-x6rv/GHSA-mx3p-fhpw-x6rv.json b/advisories/github-reviewed/2024/04/GHSA-mx3p-fhpw-x6rv/GHSA-mx3p-fhpw-x6rv.json
@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mx3p-fhpw-x6rv",
-  "modified": "2024-06-11T20:59:17Z",
+  "modified": "2025-11-04T16:12:15Z",
   "published": "2024-04-19T18:31:11Z",
   "aliases": [
     "CVE-2024-22640"
   ],
   "summary": "TCPDF vulnerable to Regular Expression Denial of Service",
   "details": "TCPDF version <= 6.7.4 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -50,6 +55,10 @@
       "type": "WEB",
       "url": "https://github.com/zunak/CVE-2024-22640"
     },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html"
+    },
     {
       "type": "WEB",
       "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB"
