2 matches found
CVE-2026-46420 setup-php: Command Injection in Repository-Derived PHP Version Resolution
setup-php is a GitHub action to set up PHP with extensions, php.ini configuration, coverage drivers, and tools. From 2.25.0 prior to 2.37.1, shivammathur/setup-php resolves the PHP version from repository-controlled files such as .php-version, composer.lock through platform-overrides.php, and...
EUVD-2020-7208
Malware in sbrugna...