Количество 8
Количество 8
GHSA-v9qv-c7wm-wgmf
Composer has multiple command injections via malicious git/hg branch names
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to v ...
BDU:2024-04880
Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды
SUSE-SU-2024:2107-1
Security update for php-composer2
SUSE-SU-2024:2106-1
Security update for php-composer2
ROS-20240626-10
Множественные уязвимости composer
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-v9qv-c7wm-wgmf Composer has multiple command injections via malicious git/hg branch names | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
| CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to v ... | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | BDU:2024-04880 Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | SUSE-SU-2024:2107-1 Security update for php-composer2 | больше 1 года назад | ||
| SUSE-SU-2024:2106-1 Security update for php-composer2 | больше 1 года назад | ||
 | ROS-20240626-10 Множественные уязвимости composer | CVSS3: 8.8 | больше 1 года назад |
Уязвимостей на страницу