rpm package
opensuse/php-composer2&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/php-composer2&distro=openSUSE%20Leap%2015.5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35242 | High | 8.8 | | < 2.2.3-150400.3.12.1 | 2.2.3-150400.3.12.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. |
| CVE-2024-35241 | High | 8.8 | | < 2.2.3-150400.3.12.1 | 2.2.3-150400.3.12.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat |
| CVE-2024-24821 | — | | | < 2.2.3-150400.3.9.1 | 2.2.3-150400.3.9.1 | Feb 8, 2024 | Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea |
| CVE-2023-43655 | — | | | < 2.2.3-150400.3.6.1 | 2.2.3-150400.3.6.1 | Sep 29, 2023 | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Vers |