knplabs/knp-snappy Security Advisories for 0.1.0 (4)
-
[HIGH] Snappy: Binary path is never shell-escaped due to an inverted is_executable check
PKSA-13wp-m816-mvdd CVE-2026-46643 GHSA-vpr4-p6fq-85jc
Affected version: <=1.7.0
Reported by:
GitHub -
[MEDIUM] Snappy : SSRF and local file read via the xsl-style-sheet option
PKSA-p1pz-jv1j-6msg CVE-2026-46683 GHSA-c5fp-p67m-gq56
Affected version: <=1.6.0
Reported by:
GitHub -
[CRITICAL] Snappy PHAR deserialization vulnerability
PKSA-cd3f-fj3y-g547 CVE-2023-41330 GHSA-92rv-4j2h-8mjj
Affected version: <=1.4.2
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[CRITICAL] PHAR deserialization allowing remote code execution
PKSA-sdn5-dtyj-96rq CVE-2023-28115 GHSA-gq6w-q6wh-jggc
Affected version: <1.4.2
Reported by:
GitHub, FriendsOfPHP/security-advisories