phpactor / vscode-phpactor

Phpactor VS Code Extension
MIT License

extension deps security vulnerabilities #143

Open ctf0 opened 1 week ago

ctf0 commented 1 week ago

I ran osv scanner and I found some security vulnerabilities with the ext deps

https://osv.dev/GHSA-6j75-5wfj-gh66 │ 8.5 │ Packagist │ twig/twig │ v2.15.5 │

dantleech commented 1 week ago

Latest version of Phpactor uses Twig 3. Although these security issues aren't really security issues with Phpactor, right?

ctf0 commented 1 week ago

It's a dependency security issue. Yes, it's not related to Phpactor itself, but it's a high risk & it might affect the user without knowing.

Also highly recommend checking https://medium.com/@amitassaraf/the-story-of-extensiontotal-how-we-hacked-the-vscode-marketplace-5c6e66a0e9d7