Lucene search
K

14 matches found

Ubuntu
Ubuntu
added 2025/06/30 4:29 a.m.8 views

USN-7603-1: Composer vulnerabilities

Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...

8.8CVSS7.5AI score0.03282EPSS
Exploits0
Amazon
Amazon
added 2024/07/18 12:0 a.m.6 views

Important: composer

Issue Overview: Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches fo...

8.8CVSS7.1AI score0.0105EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/07/11 12:0 a.m.23 views

Amazon Linux 2023 : composer (ALAS2023-2024-650)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-650 advisory. Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially...

8.8CVSS7.9AI score0.0105EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/07/01 12:0 a.m.15 views

Debian: Security Advisory (DSA-5715-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.03282EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2024/06/29 12:0 a.m.19 views

openSUSE Security Advisory (SUSE-SU-2024:2107-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.03282EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/06/21 12:0 a.m.24 views

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2106-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2106-1 advisory. - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names...

8.8CVSS8.5AI score0.03282EPSS
Exploits0References7
OSV
OSV
added 2024/06/20 2:19 p.m.17 views

SUSE-SU-2024:2106-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names bsc1226181. - CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning bsc1226182...

8.8CVSS9.1AI score0.03282EPSS
Exploits0References5
OpenVAS
OpenVAS
added 2024/06/20 12:0 a.m.19 views

Fedora: Security Advisory (FEDORA-2024-9ed24c98cd)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.03282EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2024/06/19 12:0 a.m.24 views

Fedora 40 : composer (2024-9ed24c98cd)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9ed24c98cd advisory. Version 2.7.7 2024-06-10 Security: Fixed command injection via malicious git branch name GHSA-47f6-5gq3-vx9c / CVE-2024-35241 Security: Fixed multip...

8.8CVSS8AI score0.03282EPSS
Exploits0References3
Debian
Debian
added 2024/06/18 9:50 p.m.14 views

[SECURITY] [DSA 5715-1] composer security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5715-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 18, 2024 https://www.debian.org/security/faq -...

8.8CVSS7.4AI score0.03282EPSS
Exploits0
Chainguard
Chainguard
added 2024/06/10 10:15 p.m.12 views

CVE-2024-35241 vulnerabilities

Vulnerabilities for packages: composer...

8.8CVSS6.8AI score0.0105EPSS
Exploits0
Wolfi
Wolfi
added 2024/06/10 10:15 p.m.151 views

CVE-2024-35241 vulnerabilities

Vulnerabilities for packages: composer...

8.8CVSS7.2AI score0.0105EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/06/10 9:19 p.m.20 views

CVE-2024-35241 Composer vulnerable to command injection via malicious git branch name

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are...

8.8CVSS8.8AI score0.0105EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2024/06/10 9:19 p.m.20 views

CVE-2024-35241

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are...

8.8CVSS8.9AI score0.0105EPSS
Exploits0
Rows per page
Query Builder