rpm package
suse/php-composer2&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP6
pkg:rpm/suse/php-composer2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35242 | High | 8.8 | | < 2.6.4-150600.3.3.1 | 2.6.4-150600.3.3.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. |
| CVE-2024-35241 | High | 8.8 | | < 2.6.4-150600.3.3.1 | 2.6.4-150600.3.3.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat |