The primary vulnerability stems from the constructor of the malicious package's autoloaded `Process` class. When developers instantiate `Symfony\Process\Process` (thinking they're using the legitimate `symfony/process` package), the constructor executes malware that:

1. Exfiltrates server environment data
2. Contains logic to activate a web shell when a specific token is detected in requests

The `tests/test.php` file contains this malicious implementation, making the `__construct` method the key vulnerable entry point.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| symfont/process | composer | >= 0 | |
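
A defender-side check for the package in the table above, as an added example that is not part of the original advisory: it reads a `composer.lock` and flags the advisory's package name plus any dependency whose name is within two edits of a package you expect to depend on. `EXPECTED_PACKAGES`, the distance threshold and the sample lock file are assumptions made for illustration.

```python
import json

# From the advisory table on this page: every version is affected (">= 0").
ADVISORY_PACKAGES = {"symfont/process"}
# Assumption: packages you actually intend to depend on; extend for your project.
EXPECTED_PACKAGES = {"symfony/process", "symfony/console"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_lock(lock_text: str, max_distance: int = 2) -> list[tuple[str, str, str]]:
    """Return (package, version, reason) for each suspicious lock entry."""
    lock = json.loads(lock_text)
    findings = []
    # composer.lock lists runtime and dev dependencies in separate arrays.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name, version = pkg["name"].lower(), pkg.get("version", "?")
            if name in ADVISORY_PACKAGES:
                findings.append((name, version, "listed in advisory"))
                continue
            if name in EXPECTED_PACKAGES:
                continue
            for good in sorted(EXPECTED_PACKAGES):
                if edit_distance(name, good) <= max_distance:
                    findings.append((name, version, f"near-miss of {good}"))
                    break
    return findings


# Constructed sample lock file, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "symfony/console", "version": "v6.4.1"},
        {"name": "symfont/process", "version": "1.0.0"},
    ],
    "packages-dev": [{"name": "symfony/proces", "version": "0.1.0"}],
})

if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK):
        print(finding)
```

A near-miss finding is a prompt to review where the dependency came from, not proof of compromise; legitimate forks can have similar names.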