fooman/tcpdf Security Advisories for 6.0.039 (1)
-
[CRITICAL] Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
PKSA-k83p-wvg2-hj8w CVE-2018-17057 GHSA-5hw4-m7f3-hhx8
Affected version: <6.2.22
Reported by:
FriendsOfPHP/security-advisories, GitHub