A vulnerability was found in php-censor up to 2.1.6. This affects an unknown function of the file src/Model/Build/GitBuild.php of the component Webhook Endpoint…

A critical vulnerability has been discovered in php-censor versions up to 2.1.6. The vulnerability affects the GitBuild.php file in the Webhook Endpoint component, where manipulation of the commitId argument leads to OS command injection. This vulnerability can be exploited remotely and the exploit code has been made publicly available. The vulnerability exists in an unknown function of the src/Model/Build/GitBuild.php file. A patch has been released with commit hash cd68d102601320bd319d590b75f7652e66f0685f and immediate application is recommended to prevent potential exploitation.