Arbitrary shell execution · GHSA-3988-h75v-hwf6 · GitHub Advisory Database · GitHub

Arbitrary shell execution

High severity GitHub Reviewed Published Mar 26, 2022 to the GitHub Advisory Database • Updated Jan 11, 2023

Package

squizlabs/php_codesniffer (Composer)

Affected versions

>= 3.0.0, < 3.0.1

Patched versions

3.0.1

Description

A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option

References

Published to the GitHub Advisory Database Mar 26, 2022

Reviewed Mar 26, 2022

Last updated Jan 11, 2023