-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from the highlight method in Pygmentize.php where user input ($code and $lang) is passed to proc_open without adequate sanitization. The proof-of-concept in GHSA-77mv-mp2j-gxxh demonstrates RCE via arguments like ';uname -a #', and the fix in PR#3 explicitly adds escapeshellarg to individual arguments. The function's direct involvement in command construction and the documented exploit confirm its vulnerability.
PHPPHP| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| 3f/pygmentize | composer | < 1.2 | 1.2 |
Ongoing coverage of React2Shell