[HIGH] Composer Remote Code Execution vulnerability via web-accessible composer.phar

PKSA-m1ph-vmbx-2xd3 CVE-2023-43655 GHSA-jm6m-4632-36hf

Affected version: >=2.3.0,<2.6.4|>=2.0.0,<2.2.22|<1.10.27

Reported by:
GitHub

[HIGH] Missing input validation can lead to command execution in composer

PKSA-6zmq-d6mk-r5wm CVE-2022-24828 GHSA-x7cr-6qr6-2hh6

Affected version: >=2.3,<2.3.5|>=2.0,<2.2.12|<1.10.26

Reported by:
FriendsOfPHP/security-advisories, GitHub