Composer · packagist.org
chiiya/passes
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 1.3.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · chiiya-passes-1622979/src/Apple/PassFactory.php |
| high | Php Shell With Decode | exec / system / shell_exec combined with base64/hex decode. · chiiya-passes-1622979/src/Apple/PassFactory.php |
| high | Php Backtick With Decode | Backtick shell-out combined with base64/hex decode. · chiiya-passes-1622979/src/Apple/PassFactory.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.3.0 | High risk | 52 | 2026-05-30 |
1.4.0 | High risk | 52 | 2026-05-30 |
Related campaigns
- php_backtick_with_decode:backtick shell-out combined with base64/hex decode. — 148 releases, max score 186
- Elisha Witte — 2 releases, max score 73
Block this in CI
pkgradar gate --ecosystem composer chiiya/[email protected]