Composer · packagist.org
extport/protobuf
Php Base64 Eval Chain: base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload.
Why PkgRadar flagged 34.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Base64 Eval Chain | base64/gz/hex decode combined with eval/exec/backticks — classic PHP obfuscated payload. · extport-protobuf-32a31f0/src/php/tests/memory_leak_test.php |
| high | Php Assert String Exec | assert() called with a variable — PHP's deprecated string-exec backdoor. · extport-protobuf-32a31f0/src/php/tests/memory_leak_test.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 34.0 | High risk | 85 | 2026-06-14 |
| 34.1 | High risk | 85 | 2026-06-14 |
| 34.2 | High risk | 85 | 2026-06-14 |
| 35.0 | High risk | 85 | 2026-06-14 |
| 35.1 | High risk | 85 | 2026-06-14 |
Related campaigns
- php_assert_string_exec: assert() called with a variable — PHP's deprecated string-exec backdoor. — 31 releases, max score 169
Block this in CI
pkgradar gate --ecosystem composer extport/[email protected]