EUVD-2022-3924
Malicious code in bioql PyPI...
EUVD-2022-1866
Malicious code in bioql PyPI...
EUVD-2024-0553
Malicious code in bioql PyPI...
BIT-COMPOSER-2024-35242 Composer vulnerable to command injection via malicious git/hg branch names
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...
SUSE CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are availab...
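The two entries above (BIT-COMPOSER-2024-35242 and SUSE CVE-2024-35242) describe the same bug class: a branch name read from a repository the tool did not create ends up inside a string that is handed to a shell. The following is an added illustration of that class and of the usual fixes, written for this page; it is not Composer's code and makes no claim about how Composer built or fixed its git/hg invocation. The branch names (`INJECTED`, `OPTION_LIKE`, `BENIGN`) are constructed samples, and `is_valid_branch_name` is a hand-written subset of the rules `git check-ref-format --branch` documents, not a call into git.

```python
import shlex
import subprocess
from typing import List

# Constructed sample branch names for the demonstration (not from any advisory).
INJECTED = "feature; touch /tmp/pwned"          # shell metacharacter injection
OPTION_LIKE = "--upload-pack=touch /tmp/pwned"  # option injection, no metacharacters
BENIGN = "release/2.7.7"


def shell_string_unsafe(branch: str) -> str:
    """Vulnerable pattern: the name is concatenated into one string that is
    later run through /bin/sh, so ';', '|', '$(...)' etc. are interpreted."""
    return "git checkout " + branch


def shell_string_quoted(branch: str) -> str:
    """Quoting makes the name a single shell word (PHP's escapeshellarg()
    does the same job). This stops metacharacter injection but a name that
    starts with '-' is still parsed by git as an option."""
    return "git checkout " + shlex.quote(branch)


# Assumption: these mirror the documented rules of `git check-ref-format
# --branch`; they are implemented here rather than by invoking git.
_BAD_SEQS = ("..", "@{", "//", "\\")
_BAD_CHARS = set(" ~^:?*[\x7f") | {chr(c) for c in range(0x20)}


def is_valid_branch_name(name: str) -> bool:
    """Reject anything git itself would refuse as a branch name, which in
    particular rules out leading '-', whitespace and control characters."""
    if not name or name == "@":
        return False
    if name[0] in "-/." or name.endswith(("/", ".", ".lock")):
        return False
    if any(seq in name for seq in _BAD_SEQS):
        return False
    if any(ch in _BAD_CHARS for ch in name):
        return False
    # Per-component rules: no component may start with '.' or end with '.lock'.
    return all(not comp.startswith(".") and not comp.endswith(".lock")
               for comp in name.split("/"))


def git_checkout_argv(branch: str) -> List[str]:
    """Preferred form: validate, then pass the name as its own argv element.
    No shell is involved, so there is nothing left to inject into."""
    if not is_valid_branch_name(branch):
        raise ValueError(f"refusing suspicious ref name {branch!r}")
    return ["git", "checkout", branch]


def run_git(argv: List[str]) -> subprocess.CompletedProcess:
    """shell=False (the default) hands argv to git directly."""
    return subprocess.run(argv, check=False, capture_output=True, text=True)


if __name__ == "__main__":
    for name in (BENIGN, INJECTED, OPTION_LIKE):
        print("unsafe :", shell_string_unsafe(name))
        print("quoted :", shell_string_quoted(name))
        try:
            print("argv   :", git_checkout_argv(name))
        except ValueError as exc:
            print("argv   :", exc)
```

Quoting alone is the common half-fix: it defeats `INJECTED` but not `OPTION_LIKE`, which is why the argv form also validates the name before git ever sees it.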
Amazon Linux 2023 : composer (ALAS2023-2024-539)
The installed composer package is affected by a vulnerability as referenced in the ALAS2023-2024-539 advisory. Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the...
CVE-2024-24821 Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer
Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local...
PT-2024-1571 · Composer +4
Name of the Vulnerable Software and Affected Versions: Composer versions prior to 2.7.0; Composer versions prior to 2.2.23. Description: The vulnerability stems from the Composer dependency manager for PHP including code from a location under untrusted control. Under certain conditions,...
org.jenkins-ci.plugins:php (=1.0) potentially affected by CVE-2019-10432 via org.jenkins-ci.plugins:htmlpublisher (=1.0)
org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:htmlpublisher and may be impacted: - org.jenkins-ci.plugins:php =1.0 Source cves: CVE-2019-10432 Source advisory:...
Code injection
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
libgd integer overflow
Subject: GD Graphics Library integer overflow leading to heap overflow. Product Description: An ANSI C library for the dynamic creation o...