VYPR

rpm package

opensuse/php-composer&distro=openSUSE Leap 15.3

pkg:rpm/opensuse/php-composer&distro=openSUSE%20Leap%2015.3

Vulnerabilities (3)

  • CVE-2022-24828Apr 13, 2022
    affected < 1.10.26-bp153.2.6.1fixed 1.10.26-bp153.2.6.1

    Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist

  • CVE-2021-41116Oct 5, 2021
    affected < 1.10.26-bp153.2.6.1fixed 1.10.26-bp153.2.6.1

    Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has

  • CVE-2021-29472Apr 27, 2021
    affected < 1.10.22-bp153.2.3.1fixed 1.10.22-bp153.2.3.1

    Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.