composer

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Dependency Manager for PHP
Version	2.9.2-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2446	2.1.8-1	2.1.9-1	Medium	Not affected
AVG-1885	2.0.12-1	2.0.13-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41116	AVG-2446	Medium	Yes	Arbitrary command execution	Windows users running Composer before version 2.1.9 to install untrusted dependencies are subject to command injection and should upgrade their composer...
CVE-2021-29472	AVG-1885	Medium	Yes	Arbitrary code execution	A security issue was found in Composer before versions 1.10.22 and 2.0.13. URLs for Mercurial repositories in the root composer.json and package source...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-41116

AVG-2446

Medium

Yes

Arbitrary command execution

Windows users running Composer before version 2.1.9 to install untrusted dependencies are subject to command injection and should upgrade their composer...

CVE-2021-29472

AVG-1885

Medium

Yes

Arbitrary code execution

A security issue was found in Composer before versions 1.10.22 and 2.0.13. URLs for Mercurial repositories in the root composer.json and package source...