Количество 8
Количество 8
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
CVE-2024-35242
Composer is a dependency manager for PHP. On the 2.x branch prior to v ...
GHSA-v9qv-c7wm-wgmf
Composer has multiple command injections via malicious git/hg branch names
BDU:2024-04880
Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды
SUSE-SU-2024:2107-1
Security update for php-composer2
SUSE-SU-2024:2106-1
Security update for php-composer2
ROS-20240626-10
Множественные уязвимости composer
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories. | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
| CVE-2024-35242 Composer is a dependency manager for PHP. On the 2.x branch prior to v ... | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
| GHSA-v9qv-c7wm-wgmf Composer has multiple command injections via malicious git/hg branch names | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | BDU:2024-04880 Уязвимость компонента Branch Name Handler менеджера зависимостей для PHP Composer, позволяющая нарушителю выполнить произвольные команды | CVSS3: 8.8 | 24% Средний | больше 1 года назад |
 | SUSE-SU-2024:2107-1 Security update for php-composer2 | больше 1 года назад | ||
| SUSE-SU-2024:2106-1 Security update for php-composer2 | больше 1 года назад | ||
 | ROS-20240626-10 Множественные уязвимости composer | CVSS3: 8.8 | больше 1 года назад |
Уязвимостей на страницу