GHSA-mhfv-8rc9-w38c

Source

https://github.com/advisories/GHSA-mhfv-8rc9-w38c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-mhfv-8rc9-w38c/GHSA-mhfv-8rc9-w38c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mhfv-8rc9-w38c

Published

2022-03-26T00:06:00Z

Modified

2024-12-05T05:39:47.186469Z

Summary

Arbitrary shell execution

Details

Uses of shell_exec() and exec() were not escaping filenames and configuration settings in most cases

Database specific

{
    "nvd_published_at": null,
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-26T00:06:00Z"
}

References

Affected packages

Packagist / squizlabs/php_codesniffer

Package

Name: squizlabs/php_codesniffer
Purl: pkg:composer/squizlabs/php_codesniffer

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.0.0

Fixed

2.8.1

Affected versions

1.*

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.5.0RC1

1.5.0RC2

1.5.0RC3

1.5.0RC4

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

2.*

2.0.0a1

2.0.0a2

2.0.0RC1

2.0.0RC2

2.0.0RC3

2.0.0RC4

2.0.0

2.1.0

2.2.0

2.3.0

2.3.1

2.3.2

2.3.3

2.3.4

2.4.0

2.5.0

2.5.1

2.6.0

2.6.1

2.6.2

2.7.0

2.7.1

2.8.0