Lucene search
K

15 matches found

Ubuntu
Ubuntu
added 2025/06/30 4:29 a.m.8 views

USN-7603-1: Composer vulnerabilities

Thomas Chauchefoin discovered that Composer did not correctly handle certain arguments. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. CVE-2022-24828, CVE-2023-43655 Ed Cradoc...

8.8CVSS7.5AI score0.03282EPSS
Exploits0
OpenVAS
OpenVAS
added 2025/06/30 12:0 a.m.4 views

Ubuntu: Security Advisory (USN-7603-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.5AI score0.03282EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 9:48 p.m.12 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

8.8CVSS7.3AI score0.01857EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/10/04 3:9 p.m.43 views

Researchers Report Supply Chain Vulnerability in Packagist PHP Repository

Researchers have disclosed details about a now-patched high-severity security flaw in Packagist, a PHP software package repository, that could have been exploited to mount software supply chain attacks. "This vulnerability allows gaining control of Packagist," SonarSource researcher Thomas...

8.8CVSS1.2AI score0.04849EPSS
Exploits1
OpenVAS
OpenVAS
added 2022/09/06 12:0 a.m.16 views

openSUSE: Security Advisory for php-composer2 (SUSE-SU-2022:3020-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.01857EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/09/06 12:0 a.m.33 views

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2022:3020-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3020-1 advisory. - CVE-2022-24828: Fixed a code injection issue that affected integrators using specific APIs to read untrusted input files...

8.8CVSS7.7AI score0.01857EPSS
Exploits0References4
OSV
OSV
added 2022/09/05 9:23 a.m.2 views

SUSE-SU-2022:3020-1 Security update for php-composer2

This update for php-composer2 fixes the following issues: - CVE-2022-24828: Fixed a code injection issue that affected integrators using specific APIs to read untrusted input files bsc1198494...

8.8CVSS8.8AI score0.01857EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/09/05 12:0 a.m.19 views

SUSE: Security Advisory (SUSE-SU-2022:3020-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS8.8AI score0.01857EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/05/11 12:0 a.m.35 views

openSUSE 15 Security Update : php-composer (openSUSE-SU-2022:0132-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0132-1 advisory. - Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install...

9.8CVSS8.4AI score0.02904EPSS
Exploits0References6
OpenVAS
OpenVAS
added 2022/05/08 12:0 a.m.25 views

Fedora: Security Advisory for composer (FEDORA-2022-60ec715192)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.01857EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2022/04/22 12:0 a.m.21 views

Fedora: Security Advisory for composer (FEDORA-2022-617a6df23e)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS8.8AI score0.01857EPSS
Exploits0References2
NVD
NVD
added 2022/04/13 9:15 p.m.28 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

8.8CVSS0.01857EPSS
Exploits0References6
CVE
CVE
added 2022/04/13 9:0 p.m.179 views

CVE-2022-24828

The CVE-2022-24828 entry concerns Composer’s VcsDriver::getFileContent accepting user-controlled $file or $identifier. The root cause is input that can lead to parameter/command injection when interacting with Mercurial or Git drivers, impacting integrations like Packagist.org where readme conten...

8.8CVSS8.7AI score0.01857EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2022/04/13 9:0 p.m.40 views

CVE-2022-24828 Missing input validation can lead to command execution in composer

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

8.3CVSS9AI score0.01857EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2022/04/13 12:0 a.m.37 views

FreeBSD : Composer -- Command injection vulnerability (24a9bd2b-bb43-11ec-af81-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 24a9bd2b-bb43-11ec-af81-0897988a1c07 advisory. - Composer is a dependency manager for the PHP programming language. Integrators using Composer code to...

8.8CVSS8.4AI score0.01857EPSS
Exploits0References3
Rows per page
Query Builder