The 2021 Pwnie Nominee For Most Under-Hyped Research

Supply Chain Attack on Composer

Researcher Name: Thomas Chauchefoin


The research discovered vulnerabilities in the central PHP package repository that could have been used to compromise one of the most significant development ecosystems. This is not another code vulnerability that impacts only a single piece of software or one company and its supply chain. Exploited carefully and with malicious intent, it held the potential to compromise and backdoor all PHP packages and, with that, almost every company in the world that develops software. That’s some excellent coverage for just a few PHP repository bugs.