Composer · packagist.org
aws/aws-sdk-php
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 3.385.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · aws-aws-sdk-php-994e340/src/EndpointV2/Bdd/BddNodeDecoder.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · aws-aws-sdk-php-994e340/src/EndpointV2/Bdd/BddNodeDecoder.php |
| medium | Remote Payload | matched "curl " · aws-aws-sdk-php-994e340/src/ClientResolver.php |
| medium | Remote Payload | matched "cURL " · aws-aws-sdk-php-994e340/src/Credentials/InstanceProfileProvider.php |
| medium | Remote Payload | matched "cURL " · aws-aws-sdk-php-994e340/src/RetryMiddlewareV2.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
3.385.0 | Review | 57 | 2026-06-17 |
3.384.11 | Review | 57 | 2026-06-16 |
3.384.10 | Review | 57 | 2026-06-15 |
3.384.7 | Review | 57 | 2026-06-10 |
3.384.6 | Review | 57 | 2026-06-09 |
3.384.3 | Review | 57 | 2026-06-04 |
3.383.0 | Review | 63 | 2026-05-28 |
3.382.2 | Review | 60 | 2026-05-27 |
Block this in CI
pkgradar gate --ecosystem composer aws/[email protected]