exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 8

CVE-2024-35242

около 1 года назад

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.

CVSS3: 8.8

EPSS: Низкий

CVE-2024-35242

около 1 года назад

CVSS3: 8.8

EPSS: Низкий

CVE-2024-35242

около 1 года назад

Composer is a dependency manager for PHP. On the 2.x branch prior to v ...

CVSS3: 8.8

EPSS: Низкий

GHSA-v9qv-c7wm-wgmf

около 1 года назад

Composer has multiple command injections via malicious git/hg branch names

CVSS3: 8.8

EPSS: Низкий

BDU:2024-04880

около 1 года назад

Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды

CVSS3: 8.8

EPSS: Низкий

SUSE-SU-2024:2107-1

около 1 года назад

Security update for php-composer2

EPSS: Низкий

SUSE-SU-2024:2106-1

около 1 года назад

Security update for php-composer2

EPSS: Низкий

ROS-20240626-10

около 1 года назад

Множественные уязвимости composer

CVSS3: 8.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.	CVSS3: 8.8	5% Низкий	около 1 года назад
CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.	CVSS3: 8.8	5% Низкий	около 1 года назад
CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to v ...	CVSS3: 8.8	5% Низкий	около 1 года назад
GHSA-v9qv-c7wm-wgmf Composer has multiple command injections via malicious git/hg branch names	CVSS3: 8.8	5% Низкий	около 1 года назад
BDU:2024-04880 Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды	CVSS3: 8.8	5% Низкий	около 1 года назад
SUSE-SU-2024:2107-1 Security update for php-composer2			около 1 года назад
SUSE-SU-2024:2106-1 Security update for php-composer2			около 1 года назад
ROS-20240626-10 Множественные уязвимости composer	CVSS3: 8.8		около 1 года назад

Уязвимостей на страницу