Количество 8
Количество 8
GHSA-47f6-5gq3-vx9c
Composer has a command injection via malicious git branch name
CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.
CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting.
CVE-2024-35241
Composer is a dependency manager for PHP. On the 2.x branch prior to v ...
BDU:2024-04878
Уязвимость функции getUnpushedChanges() менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды
SUSE-SU-2024:2107-1
Security update for php-composer2
SUSE-SU-2024:2106-1
Security update for php-composer2
ROS-20240626-10
Множественные уязвимости composer
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-47f6-5gq3-vx9c Composer has a command injection via malicious git branch name | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
 | CVE-2024-35241 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
 | CVE-2024-35241 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `status`, `reinstall` and `remove` commands with packages installed from source via git containing specially crafted branch names in the repository can be used to execute code. Patches for this issue are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid installing dependencies via git by using `--prefer-dist` or the `preferred-install: dist` config setting. | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
| CVE-2024-35241 Composer is a dependency manager for PHP. On the 2.x branch prior to v ... | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
 | BDU:2024-04878 Уязвимость функции getUnpushedChanges() менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды | CVSS3: 8.8 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2024:2107-1 Security update for php-composer2 | больше 1 года назад | ||
| SUSE-SU-2024:2106-1 Security update for php-composer2 | больше 1 года назад | ||
 | ROS-20240626-10 Множественные уязвимости composer | CVSS3: 8.8 | больше 1 года назад |
Уязвимостей на страницу