An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file.Referenceshttps://github.com/lhRaMk7/notebook/blob/main/phar_rce
