Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2022-24828
HistoryApr 13, 2022 - 9:15 p.m.

CVE-2022-24828

2022-04-1321:15:00
Alpine Linux Development Team
security.alpinelinux.org
31

0.003 Low

EPSS

Percentile

65.1%

JSON

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where the composer.json’s readme field can be used as a vector for injecting parameters into hg/Mercurial via the $file argument, or git via the $identifier argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call getFileContent with arbitrary data into $file/$identifier. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.

Related

openvas 5
fedora 3
nessus 4
prion 1
suse 2
debiancve 1
friendsofphp 1
osv 3
cve 1
cvelist 1
veracode 1
ubuntucve 1
freebsd 1
github 1
thn 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3020-1)
2022-09-05 00:00:00
Fedora: Security Advisory for composer (FEDORA-2022-617a6df23e)
2022-04-22 00:00:00
Fedora: Security Advisory for composer (FEDORA-2022-47d2e7da46)
2022-04-22 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: composer-2.3.5-1.fc35
2022-04-21 21:22:30
[SECURITY] Fedora 36 Update: composer-2.3.5-1.fc36
2022-05-07 05:00:15
[SECURITY] Fedora 34 Update: composer-2.2.12-1.fc34
2022-04-21 20:57:39
nessus
nessus
FreeBSD : Composer -- Command injection vulnerability (24a9bd2b-bb43-11ec-af81-0897988a1c07)
2022-04-13 00:00:00
SUSE SLES15 Security Update : php-composer2 (SUSE-SU-2022:3020-1)
2022-09-06 00:00:00
openSUSE 15 Security Update : php-composer (openSUSE-SU-2022:0132-1)
2022-05-11 00:00:00
prion
prion
Code injection
2022-04-13 21:15:00
suse
suse
Security update for php-composer2 (important)
2022-09-05 00:00:00
Security update for php-composer (important)
2022-05-10 00:00:00
debiancve
debiancve
CVE-2022-24828
2022-04-13 21:15:00
friendsofphp
friendsofphp
Missing input validation can lead to command execution in composer
2022-04-13 14:54:58
osv
osv
Missing input validation can lead to command execution in composer
2022-04-22 20:15:38
CVE-2022-24828
2022-04-13 21:15:07
BIT-composer-2022-24828
2024-03-06 10:51:15
cve
cve
CVE-2022-24828
2022-04-13 21:15:00
cvelist
cvelist
CVE-2022-24828 Missing input validation can lead to command execution in composer
2022-04-13 21:00:22
veracode
veracode
Remote Code Execution (RCE)
2022-04-14 07:25:40
ubuntucve
ubuntucve
CVE-2022-24828
2022-04-13 00:00:00
freebsd
freebsd
Composer -- Command injection vulnerability
2022-04-13 00:00:00
github
github
Missing input validation can lead to command execution in composer
2022-04-22 20:15:38
thn
thn
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
2022-10-04 15:09:00

0.003 Low

EPSS

Percentile

65.1%

JSON
Related for ALPINE:CVE-2022-24828
openvas5fedora3nessus4prion1suse2debiancve1friendsofphp1osv3cve1cvelist1veracode1ubuntucve1freebsd1github1thn1