23 matches found
EUVD-2022-1866
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-24828
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection...
Composer: Multiple Vulnerabilities
Background Composer is a dependency manager for the PHP programming language. Description Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on...
BIT-COMPOSER-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...
BIT-COMPOSER-2022-24828 Missing input validation can lead to command execution in composer
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
SUSE SLES15 Security Update : php-composer2 (SUSE-SU-2022:3020-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3020-1 advisory. - Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can...
Missing input validation can lead to command execution in composer
The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...
GHSA-X7CR-6QR6-2HH6 Missing input validation can lead to command execution in composer
The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...
Remote Code Execution (RCE)
composer/composer is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the user-controlled $file or $identifier arguments via the VcsDriver::getFileContent allowing an attacker to inject maliciously crafted script into the system...
CVE-2022-24828 Missing input validation can lead to command execution in composer
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
CVE-2022-24828
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
CVE-2022-24828
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
Missing input validation can lead to command execution in composer
The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...
PT-2022-2529 · Composer +6
Name of the Vulnerable Software and Affected Versions: Composer (affected versions not specified). Description: The issue is related to the VcsDriver::getFileContent method in Composer, a dependency manager for PHP. If a user can control the $file or $identifier argument, it may lead to a code...
Composer -- Command injection vulnerability
Composer developers report: The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used...
FreeBSD : Composer -- Command injection vulnerability (24a9bd2b-bb43-11ec-af81-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 24a9bd2b-bb43-11ec-af81-0897988a1c07 advisory. - Composer is a dependency manager for the PHP programming language. Integrators using Composer code to...
GHSA-H5H8-PC6H-JVVX Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...
CVE-2021-29472
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...
CVE-2021-29472
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...
Remote code execution
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to...