Code security company SonarSource has published details of a severe vulnerability in Packagist that could have been abused to mount supply chain attacks against the PHP community. Packagist is the default package repository for Composer, the PHP dependency manager; it indexes the public PHP packages that Composer installs. Composer is used to download more than 2 billion packages each month. According to Sonar’s security researchers, the recently identified vulnerability could have been used to hijack over 100 million requests in order to distribute malicious dependencies, potentially compromising millions of servers.

More information: https://www.securityweek.com/critical-packagist-vulnerability-could-have-allowed-php-supply-chain-attack
Comment: Critical Packagist Vulnerability Opened Door for PHP Supply Chain Attack
Information Security Buzz is an independent resource that provides expert comments, analysis, and opinion on the latest cybersecurity news and topics.