Zunak

**Name of the Vulnerable Software and Affected Versions** TCPDF versions 6.6.5 and earlier **Description** The issue arises when parsing an untrusted SVG file, leading to a ReDoS (Regular Expression Denial of Service) condition. This occurs due to the inefficient handling of regular expressions within the TCPDF library, specifically when it encounters maliciously crafted SVG files. The ReDoS condition can cause the application to consume excessive resources, resulting in a denial-of-service state. **Recommendations** For TCPDF versions 6.6.5 and earlier, consider updating to a version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TCPDF versions <= 6.6.5 **Description** The issue concerns a ReDoS (Regular Expression Denial of Service) vulnerability that occurs when parsing an untrusted HTML page with a crafted color. This can lead to a denial of service. **Recommendations** For TCPDF versions <= 6.6.5, as a temporary workaround, consider avoiding the parsing of untrusted HTML pages until a patch is available. Restrict access to the HTML parsing functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** karlomikus Bar Assistant versions prior to 3.2.0 **Description** The issue is related to a Blind Server-Side Request Forgery (SSRF) vulnerability. It does not validate a parameter before making a request through `Image::make()`, which could allow authenticated remote attackers to execute arbitrary code. **Recommendations** For versions prior to 3.2.0, update to version 3.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Image::make()` function until a patch is available.