2 matches found
BIT-COMPOSER-2022-24828 Missing input validation can lead to command execution in composer
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call VcsDriver::getFileContent can have a code injection vulnerability if the user can control the $file or $identifier argument. This leads to a vulnerability on packagist.org for example where...
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2022:3020-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3020-1 advisory. - CVE-2022-24828: Fixed a code injection issue that affected integrators using specific APIs to read untrusted input files...