Supply Chain Incident

PHP source repository backdoor attempt

Attackers pushed malicious commits to the PHP source repository that would have introduced a backdoor if accepted into releases.

ConfidenceHigh

Evidence LevelVendor

Attack StageSource Compromise

Source Artifact DivergenceNo

Affected Packages

No structured records.

Affected Releases

No structured records.

Repositories

php/php-src

Organizations

PHP project

Maintainers

No structured records.

Threat Actors

No structured records.

Campaigns

No structured records.

Build Systems

No structured records.

Distribution Channels

Source repository

Compromised Accounts

PHP git server commit identity

Connected Entities

PHP git server commit identity Compromised Account
PHP project Organization
php/php-src Repository
Source repository Distribution Channel

References

PHP Git server compromise notice PHP.net · 2021-03-28