VYPR

rpm package

suse/php-composer2&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP5

pkg:rpm/suse/php-composer2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP5

Vulnerabilities (4)

  • CVE-2024-35242 | Hig | Jun 10, 2024
    affected < 2.2.3-150400.3.12.1 | fixed 2.2.3-150400.3.12.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories.

  • CVE-2024-35241 | Hig | Jun 10, 2024
    affected < 2.2.3-150400.3.12.1 | fixed 2.2.3-150400.3.12.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat

  • CVE-2024-24821 | Feb 8, 2024
    affected < 2.2.3-150400.3.9.1 | fixed 2.2.3-150400.3.9.1

    Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea

  • CVE-2023-43655 | Sep 29, 2023
    affected < 2.2.3-150400.3.6.1 | fixed 2.2.3-150400.3.6.1

    Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Vers