rpm package
suse/php-composer2&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
pkg:rpm/suse/php-composer2&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35242 | High | 8.8 | | < 2.2.3-150400.3.12.1 | 2.2.3-150400.3.12.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. |
| CVE-2024-35241 | High | 8.8 | | < 2.2.3-150400.3.12.1 | 2.2.3-150400.3.12.1 | Jun 10, 2024 | Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat |
| CVE-2024-24821 | — | | | < 2.2.3-150400.3.9.1 | 2.2.3-150400.3.9.1 | Feb 8, 2024 | Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea |