rpm package
suse/php-composer&distro=SUSE Package Hub 15 SP3
pkg:rpm/suse/php-composer&distro=SUSE%20Package%20Hub%2015%20SP3
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24828 | — | < 1.10.26-bp153.2.6.1 | 1.10.26-bp153.2.6.1 | Apr 13, 2022 | Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist | ||
| CVE-2021-41116 | — | < 1.10.26-bp153.2.6.1 | 1.10.26-bp153.2.6.1 | Oct 5, 2021 | Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has | ||
| CVE-2021-29472 | — | < 1.10.22-bp153.2.3.1 | 1.10.22-bp153.2.3.1 | Apr 27, 2021 | Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. |
- CVE-2022-24828Apr 13, 2022affected < 1.10.26-bp153.2.6.1fixed 1.10.26-bp153.2.6.1
Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist
- CVE-2021-41116Oct 5, 2021affected < 1.10.26-bp153.2.6.1fixed 1.10.26-bp153.2.6.1
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has
- CVE-2021-29472Apr 27, 2021affected < 1.10.22-bp153.2.3.1fixed 1.10.22-bp153.2.3.1
Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system.