Composer@* Security Vulnerabilities and Issues — Composer@* CVE List

Lucene search

GetcomposerComposer*

3 matches found

CVE•added 2024/06/10 10:15 p.m.•238 views

CVE-2024-35241

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the status, reinstall and remove commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are a...

8.8CVSS8.8AI score0.00572EPSS

CVE•added 2024/06/10 10:15 p.m.•229 views

CVE-2024-35242

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available...

8.8CVSS8.8AI score0.18969EPSS

CVE•added 2024/02/09 12:15 a.m.•77 views

CVE-2024-24821

Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privileg...

8.8CVSS7.8AI score0.00106EPSS