VYPR

rpm package

opensuse/php-composer&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/php-composer&distro=openSUSE%20Leap%2015.2

Vulnerabilities (1)

  • CVE-2021-29472Apr 27, 2021
    affected < 1.10.22-bp153.2.3.1fixed 1.10.22-bp153.2.3.1

    Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.