Composer · packagist.org
flow-php/flow
Php Assert String Exec: assert() called with a variable — PHP's deprecated string-exec backdoor.
Why PkgRadar flagged 0.40.0
| Severity | Signal | Evidence |
|---|---|---|
| high | Php Assert String Exec | assert() called with a variable — PHP's deprecated string-exec backdoor. · flow-php-flow-8143d2a/web/landing/content/examples/topics/types/assertions/callable/code.php |
| high | Php Assert String Exec | assert() called with a variable — PHP's deprecated string-exec backdoor. · flow-php-flow-8143d2a/web/landing/content/examples/topics/types/assertions/constrained/code.php |
| high | Php Assert String Exec | assert() called with a variable — PHP's deprecated string-exec backdoor. · flow-php-flow-8143d2a/web/landing/content/examples/topics/types/assertions/optional/code.php |
| medium | Remote Payload | matched "CURL " · flow-php-flow-8143d2a/src/bridge/phpunit/telemetry/src/Flow/Bridge/PHPUnit/Telemetry/Configuration.php |
| medium | Remote Payload | matched "curl " · flow-php-flow-8143d2a/src/bridge/symfony/telemetry-bundle/src/Flow/Bridge/Symfony/TelemetryBundle/FlowTelemetryBundle.php |
| medium | Remote Payload | matched "curl " · flow-php-flow-8143d2a/src/bridge/telemetry/otlp/src/Flow/Bridge/Telemetry/OTLP/Transport/CurlTransport.php |
| medium | Remote Payload | matched "curl " · flow-php-flow-8143d2a/src/lib/parquet-viewer/bin/parquet.php |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.40.0 | High risk | 51 | 2026-06-16 |
Block this in CI
pkgradar gate --ecosystem composer flow-php/[email protected]