EPSS
Percentile
96.8%
tecnickcom/tcpdf is vulnerable to arbitrary data deserialization attack. The attack is possible because it allows the user to input arbitrary data to deserialize using via the phar:// wrapper.
phar:// wrapper
github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed