2024-05-05 00:00:00
mitre
PUBLISHED
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists().