Researcher Name: @swapgs
For the second time of the year, somebody found a RCE on the backend services of one of the two PHP package managers. These bugs are a blast from the past and they could have allowed an attacker to backdoor every single package being downloaded.