Unknown · Codeception/Codeception · CVE-2021-23420
**Name of the Vulnerable Software and Affected Versions**
codeception/codeception versions 4.0.0 through 4.1.21
codeception/codeception versions prior to 3.1.3
**Description**
The issue affects systems that deserialize user input without validation, allowing the `RunProcess` class to be leveraged as a gadget to run arbitrary commands.
**Recommendations**
For versions 4.0.0 through 4.1.21, update to version 4.1.22 or later.
For versions prior to 3.1.3, update to version 3.1.3 or later.
As a temporary workaround, consider disabling the `RunProcess` class until a patch is available.
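To confirm whether a project pins a release inside the affected ranges above, the following added example (not part of the advisory or the Codeception project) audits a `composer.lock` file. It assumes Composer's standard lock layout with `packages` and `packages-dev` arrays; the sample lock content and the helper names are constructed for illustration.

```python
import json
import re

PACKAGE = "codeception/codeception"

def parse_version(raw):
    """Return (major, minor, patch), or None for branch aliases such as 'dev-master'."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?", raw)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(raw):
    """True/False per the advisory's ranges; None when the version cannot be parsed."""
    v = parse_version(raw)
    if v is None:
        return None
    # Affected: anything before 3.1.3, and 4.0.0 through 4.1.21 inclusive.
    return v < (3, 1, 3) or (4, 0, 0) <= v <= (4, 1, 21)

def audit_lock(lock_text):
    """Return [(section, version, status)] for each Codeception entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    # Test frameworks are usually dev dependencies, so check both sections.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() != PACKAGE:
                continue
            version = pkg.get("version", "")
            status = {True: "affected", False: "ok", None: "unknown"}[is_affected(version)]
            findings.append((section, version, status))
    return findings

# Constructed sample lock file, not taken from any real project.
SAMPLE_LOCK = json.dumps({
    "packages": [{"name": "symfony/console", "version": "v5.3.2"}],
    "packages-dev": [{"name": "codeception/codeception", "version": "4.1.21"}],
})

if __name__ == "__main__":
    for section, version, status in audit_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {version} ({section}): {status}")
```

A status of `unknown` means the lock pins a branch alias rather than a tagged release, so the installed commit has to be checked by hand.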