CVE-2018-17057 for wallabag/tcpdf, not fixed yet

FriendsOfPHP · Oct 14, 2018 · 62a9bc6 · 62a9bc6
1 parent 94ae2ba
commit 62a9bc6
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/wallabag/tcpdf/CVE-2018-17057.yaml b/wallabag/tcpdf/CVE-2018-17057.yaml
@@ -0,0 +1,8 @@
+title:     Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
+link:      https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed
+cve:       CVE-2018-17057
+branches:
+    master:
+        time:     null
+        versions: ['<6.2.22']
+reference: composer://wallabag/tcpdf