VYPR

rpm package

suse/php-composer2&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP4

pkg:rpm/suse/php-composer2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP4

Vulnerabilities (2)

  • CVE-2023-43655Sep 29, 2023
    affected < 2.2.3-150400.3.6.1fixed 2.2.3-150400.3.6.1

    Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Vers

  • CVE-2022-24828Apr 13, 2022
    affected < 2.2.3-150400.3.3.1fixed 2.2.3-150400.3.3.1

    Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist