VYPR

rpm package

suse/php-composer&distro=SUSE Package Hub 15 SP1

pkg:rpm/suse/php-composer&distro=SUSE%20Package%20Hub%2015%20SP1

Vulnerabilities (1)

  • CVE-2021-29472Apr 27, 2021
    affected < 1.10.22-bp153.2.3.1fixed 1.10.22-bp153.2.3.1

    Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.