Search CVE reports



1 – 8 of 8 results


CVE-2024-35242

Medium priority
Needs evaluation

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command...

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-35241

Medium priority
Needs evaluation

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names...

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2024-24821

Medium priority
Vulnerable

Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under...

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Needs evaluation | Vulnerable | Not affected | Not affected | Not affected |

CVE-2023-43655

Medium priority
Needs evaluation

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also...

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |

CVE-2015-8371

Medium priority
Ignored

Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages...

1 affected packages

composer

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
composer Not affected Not affected

CVE-2022-24828

Medium priority
Vulnerable

Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier`...

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Vulnerable |

CVE-2021-41116

Negligible priority
Vulnerable

Composer is an open source dependency manager for the PHP language. In affected versions Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version....

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Not affected | Not affected | Not affected | Not affected | Vulnerable |

CVE-2021-29472

Medium priority

Some fixes available 3 of 5

Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the...

1 affected packages

composer

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| composer | Not affected | Not affected | Fixed | Fixed | Fixed |