
7 matches found

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-1866

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.00211
Exploits 0 · References 13
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-0553

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.1 · EPSS 0.00132
Exploits 0 · References 5
OSV
added 2024/06/12 7:16 a.m. · 20 views

BIT-COMPOSER-2024-35242 Composer vulnerable to command injection via malicious git/hg branch names

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

CVSS 8.8 · AI score 8.7 · EPSS 0.23787
Exploits 0 · References 6
SUSE CVE
added 2024/06/12 3:14 a.m. · 1 views

SUSE CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...

CVSS 7.8 · AI score 7 · EPSS 0.23787
Exploits 0 · References 6
Cvelist
added 2024/02/08 11:54 p.m. · 17 views

CVE-2024-24821 Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer

Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...

CVSS 8.8 · AI score 9.1 · EPSS 0.00132
Exploits 0 · References 2
Positive Technologies
added 2024/02/08 12:0 a.m. · 3 views

PT-2024-1571 · Composer +4

Name of the Vulnerable Software and Affected Versions: Composer versions prior to 2.7.0 Composer versions prior to 2.2.23 Description: The vulnerability is related to the inclusion of functions from an untrusted controlled area in the Composer dependency manager for PHP. Under certain conditions,...

CVSS 8.8 · AI score 8.7 · EPSS 0.23787
Exploits 0 · References 60
Prion
added 2022/04/13 9:15 p.m. · 16 views

Code injection

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS 6.8 · AI score 8.7 · EPSS 0.00211
Exploits 0 · References 6 · Affected Software 3