composer/composer Security Advisories for 2.7.1 (2)
-
[HIGH] Composer has a command injection via malicious git branch name
PKSA-s25b-vbmp-jvhh CVE-2024-35241 GHSA-47f6-5gq3-vx9c
Affected version: >=2.3,<2.7.7|>=2.0,<2.2.24
Reported by:
GitHub -
[HIGH] Composer has multiple command injections via malicious git/hg branch names
PKSA-b8f7-zn44-r4gz CVE-2024-35242 GHSA-v9qv-c7wm-wgmf
Affected version: >=2.3,<2.7.7|>=2.0,<2.2.24
Reported by:
GitHub