Showing 1 - 1 of 1

CVE-2024-35242

Status Candidate

Overview

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.

Related Files

Debian Security Advisory 5715-1: Posted Jun 19, 2024; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5715-1 - Two vulnerabilities have been discovered in Composer, a dependency manager for PHP, which could result in arbitrary command execution by operating on malicious git/hg repositories.; tags | advisory, arbitrary, php, vulnerability; systems | linux, debian; advisories | CVE-2024-35241, CVE-2024-35242; SHA-256 | 47524eaef79a18432c3a4ae5e3acd5c797c5783aef817def7aece996f17e03da; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 123 files
Ubuntu 88 files
Gentoo 36 files
Jasper Nota 25 files
Debian 20 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,102)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,834)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,581)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,760)
UNIX (9,439)
UnixWare (187)
Windows (6,674)
Other

CVE-2024-35242

Overview

Related Files

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems