VYPR

rpm package

suse/php-composer2&distro=SUSE Manager Server 4.3

pkg:rpm/suse/php-composer2&distro=SUSE%20Manager%20Server%204.3

Vulnerabilities (3)

  • CVE-2024-35242 - High - Jun 10, 2024
    affected < 2.2.3-150400.3.12.1; fixed 2.2.3-150400.3.12.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories.

  • CVE-2024-35241 - High - Jun 10, 2024
    affected < 2.2.3-150400.3.12.1; fixed 2.2.3-150400.3.12.1

    Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Pat

  • CVE-2024-24821 - Feb 8, 2024
    affected < 2.2.3-150400.3.9.1; fixed 2.2.3-150400.3.9.1

    Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lea