
4 matches found

Veracode
added 2024/02/09 6:59 a.m., 18 views

Arbitrary Code Execution

Composer is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper sanitization when parsing the installed.php/InstalledVersions.php file during the invocation of Composer. If Composer is invoked within a directory where InstalledVersions.php was tampered with by an attacker,...

8.8 CVSS, 7.9 AI score, 0.00132 EPSS
Exploits: 0, References: 4, Affected Software: 2
Debian CVE
added 2024/02/08 11:54 p.m., 22 views

CVE-2024-24821

Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

8.8 CVSS, 8.6 AI score, 0.00132 EPSS
Exploits: 0
OSV
added 2024/02/08 3:6 p.m., 39 views

GHSA-7C6P-848J-WH5H: Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

Impact: Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code...

8.8 CVSS, 8.4 AI score, 0.00132 EPSS
Exploits: 0, References: 5
FreeBSD
added 2024/02/08 12:0 a.m., 25 views

Composer -- Code execution and possible privilege escalation

Composer reports: Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php. Several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions...

8.8 CVSS, 8.2 AI score, 0.00132 EPSS
Exploits: 0, References: 1