9 matches found
openSUSE 15 Security Update : php-composer (openSUSE-SU-2021:1289-1)
The remote SUSE Linux SUSE15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2021:1289-1 advisory. - Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not...
Security update for php-composer (important)
openSUSE Security Update: Security update for php-composer Announcement ID: openSUSE-SU-2021:1289-1 Rating: important References: 1185376 1187416 Cross-References: CVE-2021-29472 CVSS scores: CVE-2021-29472 NVD : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15...
[SECURITY] [DLA 2654-1] composer security update
----------------------------------------------------------------------- Debian LTS Advisory DLA-2654-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta May 12, 2021 https://wiki.debian.org/LTS - -----------------------------------------------------------------------...
CVE-2021-29472
creationtimestamp| type| source ---|---|--- 2021-05-03 16:06:16+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/3253 2022-10-05 17:40:03+00:00| seen| https://t.me/truesecator/3519 2023-10-25 13:07:52+00:00| seen| https://t.me/thehackernews/1182...
Debian DSA-4907-1 : composer - security update
It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 4907-1] composer security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4907-1 [email protected] https://www.debian.org/security/ Sebastien Delafond April 29, 2021 https://www.debian.org/security/faq -...
A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks
The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack. Tracked as CVE-2021-29472, the security issue...
CVE-2021-29472
Composer suffers from a vulnerability where Mercurial URLs in root composer.json and package source URLs are not sanitized, allowing remote code execution via HgDriver if hg/Mercurial is installed. The impact is described as higher for services passing user input (e.g., Packagist.org, Private Pac...
CVE-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...