Affected script: "install-scripts:post-install-cmd"
The script tries to install a package using Phive, a tool for managing PHAR (PHP Archive) files in PHP projects. However, the script runs Phive with the --force-accept-unsigned option, which means that it automatically accepts all unverifiable PHARs. This is a security vulnerability because it opens up the risk of accepting malicious PHARs, which could introduce undesirable behaviour or compromise the system's security. Moreover, the script trusts certain GPG keys which could potentially be from untrustworthy sources. Validating the source of these GPG keys is therefore critical to ensure security.
sitepark/github-composer-release-test's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.

Name | Version | Size | License | Type | Vulnerabilities |
---|---|---|---|---|---|