EPSS: 0.003 (Low)
Percentile: 68.2%
Composer is vulnerable to a supply chain attack. The vulnerability exists due to a lack of validation of untrusted dependencies, which allows command injection via dependencies during installation.
github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.14/community.yaml
www.tenable.com/security/tns-2022-09