Count: 8

BDU:2024-04878
Vulnerability in the getUnpushedChanges() function of the Composer dependency manager for PHP, allowing an attacker to execute arbitrary commands

CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.

CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.

CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to v ...

GHSA-47f6-5gq3-vx9c
Composer has a command injection via malicious git branch name

SUSE-SU-2024:2107-1
Security update for php-composer2

SUSE-SU-2024:2106-1
Security update for php-composer2

ROS-20240626-10
Multiple vulnerabilities in composer

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
BDU:2024-04878 Vulnerability in the getUnpushedChanges() function of the Composer dependency manager for PHP, allowing an attacker to execute arbitrary commands | CVSS3: 8.8 | 0% Low | about 1 year ago |
CVE-2024-35241 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. | CVSS3: 8.8 | 0% Low | about 1 year ago |
CVE-2024-35241 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. | CVSS3: 8.8 | 0% Low | about 1 year ago |
CVE-2024-35241 Composer is a dependency manager for PHP. On the 2.x branch prior to v ... | CVSS3: 8.8 | 0% Low | about 1 year ago |
GHSA-47f6-5gq3-vx9c Composer has a command injection via malicious git branch name | CVSS3: 8.8 | 0% Low | about 1 year ago |
SUSE-SU-2024:2107-1 Security update for php-composer2 | | | about 1 year ago |
SUSE-SU-2024:2106-1 Security update for php-composer2 | | | about 1 year ago |
ROS-20240626-10 Multiple vulnerabilities in composer | CVSS3: 8.8 | | about 1 year ago |