rpm package
opensuse/php-composer2&distro=openSUSE Leap 15.4
pkg:rpm/opensuse/php-composer2&distro=openSUSE%20Leap%2015.4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43655 | — | < 2.2.3-150400.3.6.1 | 2.2.3-150400.3.6.1 | Sep 29, 2023 | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Vers | ||
| CVE-2022-24828 | — | < 2.2.3-150400.3.3.1 | 2.2.3-150400.3.3.1 | Apr 13, 2022 | Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist |
- CVE-2023-43655Sep 29, 2023affected < 2.2.3-150400.3.6.1fixed 2.2.3-150400.3.6.1
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Vers
- CVE-2022-24828Apr 13, 2022affected < 2.2.3-150400.3.3.1fixed 2.2.3-150400.3.3.1
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist