rpm package
opensuse/php-composer2&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/php-composer2&distro=openSUSE%20Leap%2015.6
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-67746 | — | | | < 2.6.4-150600.3.6.1 | 2.6.4-150600.3.6.1 | Dec 30, 2025 | Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangl |
| CVE-2024-35242 | Hig | 8.8 | | < 2.6.4-150600.3.3.1 | 2.6.4-150600.3.3.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. |
| CVE-2024-35241 | Hig | 8.8 | | < 2.6.4-150600.3.3.1 | 2.6.4-150600.3.3.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat |