CVE-2024-35242

Опубликовано: 10 июн. 2024

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.

Ссылки

EPSS

Процентиль: 90%

0.05494

Низкий

8.8 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

CVE-2024-35242

CVSS3: 8.8

ubuntu

около 1 года назад

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.

CVE-2024-35242

CVSS3: 8.8

debian

около 1 года назад

Composer is a dependency manager for PHP. On the 2.x branch prior to v ...

GHSA-v9qv-c7wm-wgmf

CVSS3: 8.8

github

около 1 года назад

Composer has multiple command injections via malicious git/hg branch names

BDU:2024-04880

CVSS3: 8.8

fstec

около 1 года назад

Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды

SUSE-SU-2024:2107-1

suse-cvrf

около 1 года назад

Security update for php-composer2

EPSS

Процентиль: 90%

0.05494

Низкий

8.8 High

CVSS3

Дефекты

CWE-77