composer

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Dependency Manager for PHP
Version 2.1.9-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2446 2.1.8-1 2.1.9-1 Medium Not affected
AVG-1885 2.0.12-1 2.0.13-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-41116 AVG-2446 Medium Yes Arbitrary command execution
Windows users running Composer before version 2.1.9 to install untrusted dependencies are subject to command injection and should upgrade their composer...
CVE-2021-29472 AVG-1885 Medium Yes Arbitrary code execution
A security issue was found in Composer before versions 1.10.22 and 2.0.13. URLs for Mercurial repositories in the root composer.json and package source...