
ROS-20240626-10

Published: 2024-06-26 00:00:00
Source: redos.red-soft.ru
php composer
vulnerability
dependency manager
arbitrary commands
remote attackers
input validation
unix

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.7 High (Confidence: Low)

EPSS: 0.005 Low (Percentile: 76.0%)

A vulnerability in the getUnpushedChanges() function of the dependency manager for PHP Composer is related to the use of the status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands.

A vulnerability in the Branch Name Handler component of the dependency manager for PHP Composer is associated with the composer install command being run inside a git/hg repository. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands.

A vulnerability in the composer.phar file of the dependency manager for PHP Composer is related to the register_argc_argv setting in php.ini. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands.

An implementation vulnerability in the VcsDriver::getFileContent() method of the dependency manager for PHP Composer is related to insufficient input validation when processing the $file or $identifier arguments. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands.

Affected packages:

OS      Version   Architecture   Package    Version       Filename
redos   7.3       x86_64         composer   <= 2.7.7-1    UNKNOWN
