286 matches found
UBUNTU-CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
CVE-2026-40261 affects the PHP package manager Composer. Affected are Composer versions 1.0–2.2.26 and 2.3–2.9.5, where Perforce::syncCodeBase() and Perforce::generateP4Command() construct shell commands by unsafe interpolation of input (sourceReference, source URL) into commands. This enables co...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
CVE-2026-40176
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
CVE-2026-40176
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
CVE-2026-40176
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
CVE-2026-40176
CVE-2026-40176 affects Composer (PHP dependency manager). The vulnerability lies in Perforce integration: Perforce::generateP4Command() constructs shell commands by interpolating user-supplied Perforce connection parameters (port, user, client) without proper escaping, enabling command injection....
Linux Distros Unpatched Vulnerability : CVE-2026-40261
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the...
Linux Distros Unpatched Vulnerability : CVE-2026-40176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the...
Composer 安全漏洞
Composer is an open-source application developed by Composer. It provides a tool for declaring, managing, and installing dependencies of PHP projects. Versions 1.0 to 2.2.26, as well as 2.3 to 2.9.5 of Composer, have security vulnerabilities. These vulnerabilities stem from a command injection...
Composer 安全漏洞
Composer is an open-source application developed by Composer. It provides a tool for declaring, managing, and installing dependencies of PHP projects. Versions of Composer from 1.0 to 2.2.26, as well as from 2.3 to 2.9.5, have security vulnerabilities. These vulnerabilities stem from command...
Composer has a command injection via malicious perforce repository
Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...
Command Injection
Overview composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the generateP4Command function. An...