Количество 8
Количество 8
GHSA-v9qv-c7wm-wgmf
Composer has multiple command injections via malicious git/hg branch names
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to v ...
BDU:2024-04880
Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды
SUSE-SU-2024:2107-1
Security update for php-composer2
SUSE-SU-2024:2106-1
Security update for php-composer2
ROS-20240626-10
Множественные уязвимости composer
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-v9qv-c7wm-wgmf Composer has multiple command injections via malicious git/hg branch names | CVSS3: 8.8 | 24% Средний | почти 2 года назад |
 | CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | CVSS3: 8.8 | 24% Средний | почти 2 года назад |
 | CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | CVSS3: 8.8 | 24% Средний | почти 2 года назад |
| CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to v ... | CVSS3: 8.8 | 24% Средний | почти 2 года назад |
 | BDU:2024-04880 Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды | CVSS3: 8.8 | 24% Средний | почти 2 года назад |
 | SUSE-SU-2024:2107-1 Security update for php-composer2 | почти 2 года назад | ||
| SUSE-SU-2024:2106-1 Security update for php-composer2 | почти 2 года назад | ||
 | ROS-20240626-10 Множественные уязвимости composer | CVSS3: 8.8 | почти 2 года назад |
Уязвимостей на страницу