Tcpdf · Tcpdf · CVE-2018-17057
**Name of the Vulnerable Software and Affected Versions**
TCPDF versions prior to 6.2.22
**Description**
An issue allows attackers to trigger deserialization of arbitrary data via the `phar://` wrapper.
**Recommendations**
For versions prior to 6.2.22, update to version 6.2.22 or later to resolve the issue.