composer
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Dependency Manager for PHP |
Version | 2.8.4-1 [extra] |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2446 | 2.1.8-1 | 2.1.9-1 | Medium | Not affected | |
AVG-1885 | 2.0.12-1 | 2.0.13-1 | Medium | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-41116 | AVG-2446 | Medium | Yes | Arbitrary command execution | Windows users running Composer before version 2.1.9 to install untrusted dependencies are subject to command injection and should upgrade their composer... |
CVE-2021-29472 | AVG-1885 | Medium | Yes | Arbitrary code execution | A security issue was found in Composer before versions 1.10.22 and 2.0.13. URLs for Mercurial repositories in the root composer.json and package source... |