Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-10T21:23:44.040Z

Updated: 2024-08-02T03:07:46.921Z

Reserved: 2024-05-14T15:39:41.786Z

Link: CVE-2024-35242

cve-icon Vulnrichment

Updated: 2024-07-15T20:43:55.194Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-10T22:15:09.893

Modified: 2024-11-21T09:20:00.440

Link: CVE-2024-35242

cve-icon Redhat

No data.