GHSA-3988-h75v-hwf6

Source

https://github.com/advisories/GHSA-3988-h75v-hwf6

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-3988-h75v-hwf6/GHSA-3988-h75v-hwf6.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-3988-h75v-hwf6

Published

2022-03-26T00:06:45Z

Modified

2024-12-05T05:40:06.764087Z

Summary

Arbitrary shell execution

Details

A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-26T00:06:45Z"
}

References

https://github.com/FriendsOfPHP/security-advisories/blob/master/squizlabs/php_codesniffer/2017-05-18.yaml
https://github.com/squizlabs/PHP_CodeSniffer
https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1

Affected packages

Packagist / squizlabs/php_codesniffer

Package

Name: squizlabs/php_codesniffer
Purl: pkg:composer/squizlabs/php_codesniffer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.0.1

Affected versions

3.*

3.0.0