VYPR

rpm package

suse/php-composer2&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP6

pkg:rpm/suse/php-composer2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP6

Vulnerabilities (2)

  • CVE-2024-35242 | High | Jun 10, 2024
    affected < 2.6.4-150600.3.3.1 | fixed 2.6.4-150600.3.3.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories.

  • CVE-2024-35241 | High | Jun 10, 2024
    affected < 2.6.4-150600.3.3.1 | fixed 2.6.4-150600.3.3.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat