5 matches found
Security update for php-composer2
This update for php-composer2 fixes the following issues CVE-2026-40176: command injection via malicious Perforce repository definition bsc1262254. CVE-2026-40261: command injection via malicious Perforce source reference/url bsc1262255. Changes for php-composer2: version update to 2.2.27 align...
CVE-2026-40176 vulnerabilities
Vulnerabilities for packages: composer...
CVE-2026-40176 vulnerabilities
Vulnerabilities for packages: composer...
CVE-2026-40176
A flaw was found in Composer. Perforce::generateP4Command constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping, allowing an attacker to inject arbitrary commands through these values in a malicious composer.json declari...
Fedora 43 : composer (2026-02c1f66b6a)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-02c1f66b6a advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...