April 4, 2022 By Pierluigi Paganini
SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks.
Researchers from SonarSource discovered two 15-year-old security flaws in the PEAR (PHP Extension and Application Repository) repository that could have enabled supply chain attacks.
PEAR is a framework and distribution system for reusable PHP components.
According to the expert, the critical vulnerability in a central component of the PHP supply chain could have been easily exploited by low-skilled threat actors to cause significant disruption.