Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-41116 - log back

CVE-2021-41116 edited at 05 Oct 2021 20:15:39

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Arbitrary command execution

Description

+	Windows users running Composer before version 2.1.9 to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected.

References

+	https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
+	https://github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa

Notes

CVE-2021-41116 created at 05 Oct 2021 20:12:48