BIT-composer-2021-41116

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/composer/BIT-composer-2021-41116.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-composer-2021-41116
Aliases
Published
2024-03-06T10:51:26.107Z
Modified
2025-04-03T14:40:37.652Z
Summary
[none]
Details

Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.

Database specific
{
    "cpes": [
        "cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / composer

Package

Name
composer
Purl
pkg:bitnami/composer

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.10.23
Introduced
2.0.0
Fixed
2.1.9