Headline
GHSA-5hw4-m7f3-hhx8: TCPDF vulnerable to attackers triggering deserialization of arbitrary data
An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
TCPDF vulnerable to attackers triggering deserialization of arbitrary data
Critical severity GitHub Reviewed Published Oct 6, 2022 • Updated Oct 6, 2022