Search by 
PKSA-2zm6-dttg-zzbh Security Advisory
-
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
PKSA-2zm6-dttg-zzbh CVE-2018-17057
Affected package: wallabag/tcpdf
Affected version: <6.2.22
Reported by:
FriendsOfPHP/security-advisories