CPE-8BACED7F-F93C-4830-AEF0-99AA61B2601A Detail

CPE Details

Getcomposer Composer 1.10.22

Vendor

getcomposer

Product

composer

Version

1.10.22

Created

2021-05-03
13h59 +00:00

Modified

2021-05-13
16h54 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:getcomposer:composer:1.10.22:::::::*

Informations

Vendor

getcomposer

Product

composer

Version

1.10.22

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-43655	2023-09-29 19h33 +00:00	Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.	8.8	High
CVE-2022-24828	2022-04-13 19h00 +00:00	Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report.	8.8	High
CVE-2021-41116	2021-10-05 15h40 +00:00	Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.	9.8	Critical

Getcomposer Composer 1.10.22

CPE Details

CPE Name: cpe:2.3:a:getcomposer:composer:1.10.22:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:getcomposer:composer:1.10.22:::::::*