24 matches found

EUVD
added 2025/10/03 8:07 p.m. · 5 views

EUVD-2022-1866

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.01841
Exploits: 0 · References: 13

Tenable Nessus
added 2025/08/27 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2022-24828

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection...

CVSS 8.8 · AI score 7.5 · EPSS 0.01841
Exploits: 0 · References: 2

Gentoo Linux
added 2025/08/06 12:00 a.m. · 8 views

Composer: Multiple Vulnerabilities

Background: Composer is a dependency manager for the PHP programming language. Description: Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on...

CVSS 8.8 · AI score 9 · EPSS 0.01841
Exploits: 0

OSV
added 2024/03/06 10:51 a.m. · 41 views

BIT-COMPOSER-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

CVSS 8.8 · AI score 8.9 · EPSS 0.04849
Exploits: 1 · References: 8

OSV
added 2024/03/06 10:51 a.m. · 12 views

BIT-COMPOSER-2022-24828 Missing input validation can lead to command execution in composer

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS 8.8 · AI score 8.6 · EPSS 0.01841
Exploits: 0 · References: 7

Tenable Nessus
added 2022/09/06 12:00 a.m. · 33 views

SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2022:3020-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3020-1 advisory. - CVE-2022-24828: Fixed a code injection issue that affected integrators using specific APIs to read untrusted input files...

CVSS 8.8 · AI score 7.7 · EPSS 0.01841
Exploits: 0 · References: 4

BDU FSTEC
added 2022/05/17 12:00 a.m. · 6 views

The vulnerability of the implementation of the VcsDriver::getFileContent() method in the dependency manager for PHP Composer allows a perpetrator to execute arbitrary commands.

The vulnerability of the implementation of the VcsDriver::getFileContent method in the dependency manager for PHP Composer is related to insufficient validation of input data when processing arguments “$file” or “$identifier”. Exploiting this vulnerability may allow an attacker to execute arbitra...

CVSS 9.3 · AI score 8.2 · EPSS 0.01841
Exploits: 0 · References: 12 · Affected Software: 6

GitHub Security Blog
added 2022/04/22 8:15 p.m. · 41 views

Missing input validation can lead to command execution in composer

The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...

CVSS 8.8 · AI score 4.9 · EPSS 0.01841
Exploits: 0 · References: 9 · Affected Software: 1

OSV
added 2022/04/22 8:15 p.m. · 37 views

GHSA-X7CR-6QR6-2HH6 Missing input validation can lead to command execution in composer

The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...

CVSS 8.3 · AI score 8.9 · EPSS 0.01841
Exploits: 0 · References: 9

Veracode
added 2022/04/14 7:25 a.m. · 110 views

Remote Code Execution (RCE)

composer/composer is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the user-controlled $file or $identifier arguments via the VcsDriver::getFileContent allowing an attacker to inject maliciously crafted script into the system...

CVSS 8.8 · AI score 5.1 · EPSS 0.01841
Exploits: 0 · References: 9 · Affected Software: 2

Debian CVE
added 2022/04/13 9:00 p.m. · 91 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS 8.8 · AI score 8.9 · EPSS 0.01841
Exploits: 0

Cvelist
added 2022/04/13 9:00 p.m. · 39 views

CVE-2022-24828 Missing input validation can lead to command execution in composer

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS 8.3 · AI score 9 · EPSS 0.01841
Exploits: 0 · References: 6

AlpineLinux
added 2022/04/13 9:00 p.m. · 57 views

CVE-2022-24828

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...

CVSS 8.8 · AI score 8.8 · EPSS 0.01841
Exploits: 0

Friends Of PHP
added 2022/04/13 2:54 p.m. · 22 views

Missing input validation can lead to command execution in composer

The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...

CVSS 8.8 · AI score 8.9 · EPSS 0.01841
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2022/04/13 12:00 a.m. · 6 views

PT-2022-2529 · Composer +6

Name of the Vulnerable Software and Affected Versions: Composer (affected versions not specified). Description: The issue is related to the VcsDriver::getFileContent method in Composer, a dependency manager for PHP. If a user can control the $file or $identifier argument, it may lead to a code...

CVSS 9.8 · AI score 8.4 · EPSS 0.04849
Exploits: 1 · References: 67

Tenable Nessus
added 2022/04/13 12:00 a.m. · 37 views

FreeBSD : Composer -- Command injection vulnerability (24a9bd2b-bb43-11ec-af81-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 24a9bd2b-bb43-11ec-af81-0897988a1c07 advisory. - Composer is a dependency manager for the PHP programming language. Integrators using Composer code to...

CVSS 8.8 · AI score 8.4 · EPSS 0.01841
Exploits: 0 · References: 3

FreeBSD
added 2022/04/13 12:00 a.m. · 49 views

Composer -- Command injection vulnerability

Composer developers report: The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used...

CVSS 8.8 · AI score 5.4 · EPSS 0.01841
Exploits: 0 · References: 1

OSV
added 2021/04/29 9:52 p.m. · 22 views

GHSA-H5H8-PC6H-JVVX Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

CVSS 8.8 · AI score 9 · EPSS 0.04849
Exploits: 1 · References: 10

NVD
added 2021/04/27 9:15 p.m. · 17 views

CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

CVSS 8.8 · EPSS 0.04849
Exploits: 1 · References: 7

OSV
added 2021/04/27 9:15 p.m. · 26 views

CVE-2021-29472

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...

CVSS 8.8 · AI score 9
Exploits: 0 · References: 7