4 matches found
ROOT-APP-COMPOSER-CVE-2026-54133 CVE-2026-54133 in mtdowling/jmespath.php - Patched by Root
Root has patched CVE-2026-54133 in the mtdowling/jmespath.php package for Root:Composer. Multiple fixed versions available...
BIT-COMPOSER-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
CVE-2026-40176
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command method, which constructs shell commands by interpolating user-supplied Perforce connection parameters port, user, client without...
Command injection via malicious Perforce repository definition
Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...