Composer Command Injection Vulnerability
Please update Composer immediately to version 2.0.13 or 1.10.22 by running composer.phar self-update. The new releases include fixes for a command injection security vulnerability (CVE-2021-29472) reported by Thomas Chauchefoin. Fixes for Packagist.org and Private Packagist were deployed within 12 hours of receiving the report of remote command execution on April 22nd, 2021.
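To confirm which hosts or build images still need the update, the following added example (not part of the original announcement or of Composer itself) classifies a version string against the two fixed releases named above. The function names are hypothetical, and the "Composer version X.Y.Z ..." banner shape for composer --version output is an assumption.

```shell
#!/bin/sh
# Added example: check a Composer version against the fixed releases from
# the advisory (2.0.13 on the 2.x line, 1.10.22 on the 1.x line).

# Extract X.Y.Z from a banner line.
# Assumed banner shape: "Composer version X.Y.Z <date> <time>"
composer_version_from_banner() {
    case $1 in
        "Composer version "*) ;;
        *) return 1 ;;
    esac
    rest=${1#Composer version }
    printf '%s\n' "${rest%% *}"
}

# Exit status: 0 = patched, 1 = needs update, 2 = unknown (check by hand).
# Pre-release or suffixed versions and other major lines are reported as
# unknown, because the advisory only names the 1.x and 2.x fixed releases.
composer_is_patched() {
    v=$1
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $v; IFS=$old_ifs
    [ $# -ge 3 ] || return 2
    major=$1; minor=$2; patch=$3
    case $major in
        1) fixed_minor=10; fixed_patch=22 ;;
        2) fixed_minor=0;  fixed_patch=13 ;;
        *) return 2 ;;
    esac
    if [ "$minor" -gt "$fixed_minor" ]; then return 0; fi
    if [ "$minor" -eq "$fixed_minor" ] && [ "$patch" -ge "$fixed_patch" ]; then
        return 0
    fi
    return 1
}

# Print a verdict for one banner line and return the same status code.
audit_banner() {
    ver=$(composer_version_from_banner "$1") || { echo "unrecognised banner"; return 2; }
    rc=0; composer_is_patched "$ver" || rc=$?
    case $rc in
        0) echo "$ver: patched" ;;
        1) echo "$ver: update required (CVE-2021-29472)" ;;
        *) echo "$ver: unknown, check manually" ;;
    esac
    return $rc
}
```

On a host, pass the first line of the installed tool's output: audit_banner "$(composer --version 2>/dev/null | head -n 1)".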