3 matches found
Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions
Impact This affects only workflows that pin an exact affected Composer semver version through setup-php, for example tools: composer:2.9.7. Workflows using the default Composer version, composer:v2, or no pinned Composer version are not affected through setup-php, because those Composer URLs have...
GHSA-5WXR-W449-57CM Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned affected Composer versions
Impact This affects only workflows that pin an exact affected Composer semver version through setup-php, for example tools: composer:2.9.7. Workflows using the default Composer version, composer:v2, or no pinned Composer version are not affected through setup-php, because those Composer URLs have...
Insertion of Sensitive Information into Log File
Overview setup-php is a Setup PHP for use with GitHub Actions Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the process that configures GitHub tokens for Composer in workflows where an exact affected Composer version is pinned. An attacke...