Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the `composer install` command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-06-10T21:23:44.040Z
Updated: 2024-08-02T03:07:46.921Z
Reserved: 2024-05-14T15:39:41.786Z
Link: CVE-2024-35242
Vulnrichment
Updated: 2024-07-15T20:43:55.194Z
NVD
Status : Awaiting Analysis
Published: 2024-06-10T22:15:09.893
Modified: 2024-11-21T09:20:00.440
Link: CVE-2024-35242
Redhat
No data.