Количество 8
Количество 8
GHSA-59pp-r3rg-353g
Composer is vulnerable to ANSI sequence injection
CVE-2025-67746
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue.
CVE-2025-67746
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue.
CVE-2025-67746
Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue.
CVE-2025-67746
Composer is a dependency manager for PHP. In versions on the 2.x branc ...
SUSE-SU-2026:0825-1
Security update for php-composer2
BDU:2026-03590
Уязвимость менеджера зависимостей для PHP Composer, связанная с недостаточной нейтрализацией специальных элементов в запросе, позволяющая нарушителю выполнить произвольный код
ROS-20260209-73-0024
Уязвимость composer
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-59pp-r3rg-353g Composer is vulnerable to ANSI sequence injection | 0% Низкий | 3 месяца назад | |
 | CVE-2025-67746 Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue. | CVSS3: 4.3 | 0% Низкий | 3 месяца назад |
 | CVE-2025-67746 Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue. | CVSS3: 3.5 | 0% Низкий | 3 месяца назад |
 | CVE-2025-67746 Composer is a dependency manager for PHP. In versions on the 2.x branch prior to 2.2.26 and 2.9.3, attackers controlling remote sources that Composer downloads from might in some way inject ANSI control characters in the terminal output of various Composer commands, causing mangled output and potentially leading to confusion or DoS of the terminal application. There is no proven exploit and this has thus a low severity but we still publish a CVE as it has potential for abuse, and we want to be on the safe side informing users that they should upgrade. Versions 2.2.26 and 2.9.3 contain a patch for the issue. | CVSS3: 4.3 | 0% Низкий | 3 месяца назад |
| CVE-2025-67746 Composer is a dependency manager for PHP. In versions on the 2.x branc ... | CVSS3: 4.3 | 0% Низкий | 3 месяца назад |
 | SUSE-SU-2026:0825-1 Security update for php-composer2 | 0% Низкий | около 1 месяца назад | |
 | BDU:2026-03590 Уязвимость менеджера зависимостей для PHP Composer, связанная с недостаточной нейтрализацией специальных элементов в запросе, позволяющая нарушителю выполнить произвольный код | CVSS3: 4.3 | 0% Низкий | 3 месяца назад |
 | ROS-20260209-73-0024 Уязвимость composer | CVSS3: 4.3 | 0% Низкий | около 2 месяцев назад |
Уязвимостей на страницу