CVE-2021-41116— Command injection in composer on Windows
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-41116
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Command injection in composer on Windows
Source: NVD (National Vulnerability Database)
Vulnerability Description
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
composer 命令注入漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
composer是 开源的一个应用软件。提供一个声明,管理和安装PHP项目的依赖项。 Composer 存在命令注入漏洞,该漏洞源于Composer 会安装不受信任的依赖项。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-41116
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-41116
请登录查看更多情报信息。
- https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcfx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-41116
IV. Related Vulnerabilities
Same product: composer
- CVE-2026-40261
Composer has Command Injection via Malicious Perforce Refere - CVE-2026-40176
Composer is vulnerable to Command Injection via Malicious Pe - CVE-2025-67746
Composer vulnerable to ANSI sequence injection - CVE-2024-35242
Composer vulnerable to command injection via malicious git/h - CVE-2024-35241
Composer vulnerable to command injection via malicious git b
Same vendor: composer
- CVE-2026-40261
Composer has Command Injection via Malicious Perforce Refere - CVE-2026-40176
Composer is vulnerable to Command Injection via Malicious Pe - CVE-2025-67746
Composer vulnerable to ANSI sequence injection - CVE-2024-35242
Composer vulnerable to command injection via malicious git/h - CVE-2024-35241
Composer vulnerable to command injection via malicious git b
V. Comments for CVE-2021-41116
No comments yet