EPSS
Percentile
75.3%
mpdf/mpdf is vulnerable to arbitrary code execution. The vulnerability exists through a phar:// wrapper that leads to an insecure PHP deserialization flaw, allowing an attacker to execute arbitrary code.
phar://
github.com/mpdf/mpdf/commit/20ff6399433c18233f31817ba2f35a86dd9d5e22
github.com/mpdf/mpdf/issues/949
github.com/mpdf/mpdf/pull/950