Composer Command Injection Vulnerability

Please immediately update Composer to version 2.0.13 or 1.10.22 by running composer.phar self-update. The new releases include fixes for a command injection security vulnerability (CVE-2021-29472) reported by Thomas Chauchefoin. Fixes for Packagist.org and Private Packagist were deployed within 12 hours of receiving the report of remote command execution on April 22nd, 2021.
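
To audit hosts or CI images against the fixed releases named above, the following shell helper classifies a Composer version per release line. It is an added example, not code from Composer or Packagist; the function names, the banner format it parses and the sample banner are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the Composer project): audit helper for CVE-2021-29472.
# Fixed releases, per the advisory text: 2.0.13 (2.x line) and 1.10.22 (1.x line).

# Extract the version from a `composer --version` banner line.
# Assumption: the banner starts with "Composer version <x.y.z>".
composer_banner_version() {
    printf '%s\n' "$1" | sed -n 's/^Composer version \([0-9][^ ]*\).*/\1/p'
}

# Print patched | vulnerable | unknown; exit status 0 | 1 | 2.
composer_patch_status() {
    ver=${1%%[-+]*}                 # assumption: ignore suffixes like -RC1
    case $ver in
        ''|.*|*.|*..*|*[!0-9.]*) echo unknown; return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                     # split into major minor patch
    IFS=$old_ifs
    major=$1; minor=${2:-0}; patch=${3:-0}
    case $major in
        1) fix_minor=10; fix_patch=22 ;;
        2) fix_minor=0;  fix_patch=13 ;;
        *) echo unknown; return 2 ;;  # advisory names only the 1.x and 2.x lines
    esac
    if [ "$minor" -gt "$fix_minor" ] ||
       { [ "$minor" -eq "$fix_minor" ] && [ "$patch" -ge "$fix_patch" ]; }; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# Constructed sample banner, standing in for real `composer --version` output.
SAMPLE_BANNER='Composer version 2.0.12 2021-04-01 10:14:59'
composer_patch_status "$(composer_banner_version "$SAMPLE_BANNER")" || true
```

An "unknown" result means the version string could not be parsed or belongs to a release line the advisory does not name, and should be checked by hand.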

blog.packagist.com