CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the settingsToParameters process. An attacker can execute arbitrary code and alter configuration by injecting newline characters into PHP INI values that are forwarded to child processes. This is only exploitable if t...

PT-2026-34558

Name of the Vulnerable Software and Affected Versions PHPUnit versions prior to 12.5.22 PHPUnit versions prior to 13.1.6 Description PHPUnit forwards PHP INI settings to child processes as -d name=value command-line arguments without neutralizing INI metacharacters. Because the PHP INI parser...

Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

Exploit for Code Injection in Phpunit_Project Phpunit

CVE-2017-9841 Laravel-RCE: CVE-2017-9841 CVE-2017-9841 é uma...

Security update for phpunit (important)

openSUSE Security Update: Security update for phpunit Announcement ID: openSUSE-SU-2026:0061-1 Rating: important References: 1257381 Cross-References: CVE-2026-24765 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description: This update...

Debian: Security Advisory (DLA-4470-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 4470-1] phpunit security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-4470-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta February 06, 2026 https://wiki.debian.org/LTS -...

[SECURITY] Fedora 42 Update: phpunit11-11.5.50-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 11 of PHPUnit, available using the phpunit11 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit12-12.5.8-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 12 of PHPUnit, available using the phpunit12 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit9-9.6.34-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 9 of PHPUnit, available using the phpunit9 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit10-10.5.63-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 10 of PHPUnit, available using the phpunit10 command. Documentation: https://phpunit.de/documentation.html...

Debian dla-4470 : phpunit - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4470 advisory. - ----------------------------------------------------------------------- Debian LTS Advisory DLA-4470-1 [email protected] https://www.debian.org/lts/security/...

Fedora: Security Advisory (FEDORA-2026-8c25940d05)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : phpunit11 (2026-c3b42a28dd)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-c3b42a28dd advisory. Version 11.5.50 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

Fedora 42 : phpunit10 (2026-1d1c8f5df2)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-1d1c8f5df2 advisory. Version 10.5.63 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 10.5.62 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution P...

Fedora 42 : phpunit9 (2026-a1cb6b0f95)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a1cb6b0f95 advisory. Version 9.6.34 - 2026-01-27 Fixed Regression introduced in PHPUnit 9.6.33 ---- Version 9.6.33 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE...

Fedora: Security Advisory (FEDORA-2026-8a7678fa99)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 42 : phpunit8 (2026-8a7678fa99)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-8a7678fa99 advisory. Version 8.5.52 - 2026-01-27 Changed To prevent Poisoned Pipeline Execution PPE attacks using prepared .coverage files in pull requests, a PHPT test will no...

Fedora: Security Advisory (FEDORA-2026-1d1c8f5df2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...