A vulnerability was found in Composer up to 1.10.22/2.1.8 and has been classified as critical. It affects an unknown functionality of the component Dependency Handler. Upgrading to version 1.10.23 or 2.1.9 eliminates this vulnerability, as does applying the patch ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa. The bugfix is available for download at github.com. The best possible mitigation is to upgrade to the latest version.
Composer up to 1.10.22/2.1.8 Dependency command injection
- Virtual Patching
- October 7, 2021
- 3:06 am