Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:35097
HistoryApr 14, 2022 - 7:25 a.m.

Remote Code Execution (RCE)

2022-04-1407:25:40
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
73
vulnerability
remote code execution
sanitization
user-controlled
vcsdriver
malicious script
software

EPSS

0.003

Percentile

65.3%

JSON

composer/composer is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization of the user-controlled $file or $identifier arguments via the VcsDriver::getFileContent() allowing an attacker to inject maliciously crafted script into the system.

Related

openvas 5
fedora 3
alpinelinux 1
nvd 1
cve 1
osv 5
nessus 4
prion 1
friendsofphp 1
suse 2
debiancve 1
cvelist 1
freebsd 1
github 1
ubuntucve 1
thn 1
redos 1
openvas
openvas
Fedora: Security Advisory for composer (FEDORA-2022-60ec715192)
2022-05-08 00:00:00
openSUSE: Security Advisory for php-composer2 (SUSE-SU-2022:3020-1)
2022-09-06 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3020-1)
2022-09-05 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: composer-2.2.12-1.fc34
2022-04-21 20:57:39
[SECURITY] Fedora 35 Update: composer-2.3.5-1.fc35
2022-04-21 21:22:30
[SECURITY] Fedora 36 Update: composer-2.3.5-1.fc36
2022-05-07 05:00:15
alpinelinux
alpinelinux
CVE-2022-24828
2022-04-13 21:15:07
nvd
nvd
CVE-2022-24828
2022-04-13 21:15:07
cve
cve
CVE-2022-24828
2022-04-13 21:15:07
osv
osv
Missing input validation can lead to command execution in composer
2022-04-22 20:15:38
php-composer-1.10.26-1.1 on GA media
2024-06-15 00:00:00
CVE-2022-24828
2022-04-13 21:15:07
nessus
nessus
SUSE SLES15 Security Update : php-composer2 (SUSE-SU-2022:3020-1)
2022-09-06 00:00:00
FreeBSD : Composer -- Command injection vulnerability (24a9bd2b-bb43-11ec-af81-0897988a1c07)
2022-04-13 00:00:00
openSUSE 15 Security Update : php-composer (openSUSE-SU-2022:0132-1)
2022-05-11 00:00:00
prion
prion
Code injection
2022-04-13 21:15:00
friendsofphp
friendsofphp
Missing input validation can lead to command execution in composer
2022-04-13 14:54:58
suse
suse
Security update for php-composer2 (important)
2022-09-05 00:00:00
Security update for php-composer (important)
2022-05-10 00:00:00
debiancve
debiancve
CVE-2022-24828
2022-04-13 21:15:07
cvelist
cvelist
CVE-2022-24828 Missing input validation can lead to command execution in composer
2022-04-13 21:00:22
freebsd
freebsd
Composer -- Command injection vulnerability
2022-04-13 00:00:00
github
github
Missing input validation can lead to command execution in composer
2022-04-22 20:15:38
ubuntucve
ubuntucve
CVE-2022-24828
2022-04-13 00:00:00
thn
thn
Researchers Report Supply Chain Vulnerability in Packagist PHP Repository
2022-10-04 15:09:00
redos
redos
ROS-20240626-10
2024-06-26 00:00:00

EPSS

0.003

Percentile

65.3%

JSON
Related for VERACODE:35097
openvas5fedora3alpinelinux1nvd1cve1osv5nessus4prion1friendsofphp1suse2debiancve1cvelist1freebsd1github1ubuntucve1thn1redos1