VYPR

composer · Malicious package advisory

Malware

symfont/process

PKG-PKSA-wpcn-xgr1-6573

Prevent installation typosquatting malware

Details

**Severity:** High

**Affected versions:** >=0,<1|>=1,<2|>=2,<3|>=3,<4

**Source:** [FriendsOfPHP/security-advisories](https://www.kernelmode.blog/typosquatting-malware-found-in-composer-repository/)

**Remote ID:** symfont/process/2021-09-10.yaml

Compromised versions (1)

  • >=0,<1|>=1,<2|>=2,<3|>=3,<4

Any computer that installed or ran a compromised version should be considered fully compromised. Rotate every secret on that machine from a clean environment.