[HIGH] Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php

PKSA-jn72-4kr8-gj3h CVE-2024-24821 GHSA-7c6p-848j-wh5h

Affected version: >=2.3.0-rc1,<2.7.0|>=2.0.0-alpha1,<2.2.23

Reported by:
GitHub

[HIGH] Composer Remote Code Execution vulnerability via web-accessible composer.phar

PKSA-m1ph-vmbx-2xd3 CVE-2023-43655 GHSA-jm6m-4632-36hf

Affected version: >=2.3.0,<2.6.4|>=2.0.0,<2.2.22|<1.10.27

Reported by:
GitHub