11 matches found
CVE-2026-48995
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants and pnpm will install it regardless of the lockfile. The lockfile does not store the hash of the dependencies from https://codeload.github.com. This means that if thi...
Linux Distros Unpatched Vulnerability : CVE-2021-41116
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are...
SUBNET PowerSYSTEM Center 安全漏洞
SUBNET PowerSYSTEM Center is SUBNET's infrastructure for secure, centralized management of the many different intelligent electronic devices meters, relays, RTUs, etc. deployed throughout the transmission and distribution system. A security vulnerability exists in SUBNET PowerSYSTEM Center versio...
BIT-COMPOSER-2021-41116 Command injection in composer on Windows
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
SUSE CVE-2021-41116
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
Improper escaping of command arguments on Windows leading to command injection
Impact Windows users running Composer to install untrusted dependencies are affected and should definitely upgrade for safety. Other OSs and WSL are not affected. Patches 1.10.23 and 2.1.9 fix the issue Workarounds None...
CVE-2021-41116
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
CVE-2021-41116
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
UBUNTU-CVE-2021-41116
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
CVE-2021-41116 Command injection in composer on Windows
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in...
composer 命令注入漏洞
composer is an open source application . Composer is an open source application that provides a declaration to manage and install dependencies on PHP projects. A command injection vulnerability exists in Composer, which stems from Composer installing untrusted dependencies...