{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38611?format=json","vulnerability_id":"VCID-5sk2-ygqs-pbgh","summary":"Shell command injection\nA specially crafted filename would allow for arbitrary code execution when using the `--filter=gitmodified` command line option","aliases":[{"alias":"GMS-2017-132"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53565?format=json","purl":"pkg:composer/squizlabs/php_codesniffer@3.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53564?format=json","purl":"pkg:composer/squizlabs/php_codesniffer@3.0.0-a1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5sk2-ygqs-pbgh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/squizlabs/php_codesniffer@3.0.0-a1"}],"references":[{"reference_url":"https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b"},{"reference_url":"https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/3.0.1"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5sk2-ygqs-pbgh"}