目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

composer 厂商漏洞列表 / CVE 中文分析 11

composer 厂商相关 11 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

Composer 是 PHP 生态系统的主要依赖管理工具,用于安装和管理项目依赖。历史上常见漏洞包括远程代码执行(RCE)、跨站脚本(XSS)和权限绕过问题,多源于恶意包或供应链攻击。2021 年曾曝出严重漏洞,允许攻击者通过特制包执行任意代码。其安全特性包括签名验证和漏洞扫描,但用户仍需谨慎审查第三方包。

上位製品 composer: composer windows-setup
CVE IDタイトルCVSS深刻度公開日
CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference — composerCWE-78 8.8 High2026-04-15
CVE-2026-40176 Composer is vulnerable to Command Injection via Malicious Perforce Repository — composerCWE-20 7.8 High2026-04-15
CVE-2025-67746 Composer vulnerable to ANSI sequence injection — composerCWE-74 8.1 -2025-12-30
CVE-2024-35242 Composer vulnerable to command injection via malicious git/hg branch names — composerCWE-77 8.8 High2024-06-10
CVE-2024-35241 Composer vulnerable to command injection via malicious git branch name — composerCWE-77 8.8 High2024-06-10
CVE-2024-24821 Code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php in Composer — composerCWE-829 8.8 High2024-02-08
CVE-2023-43655 Remote Code Execution via web-accessible composer.phar — composerCWE-74 6.4 Medium2023-09-29
CVE-2022-24828 Missing input validation can lead to command execution in composer — composerCWE-20 8.3 High2022-04-13
CVE-2021-41116 Command injection in composer on Windows — composerCWE-77 8.2 High2021-10-05
CVE-2021-29472 Missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial in composer — composerCWE-88 8.8 High2021-04-27
CVE-2020-15145 Local privilege elevation in Composer-Setup for Windows — windows-setupCWE-276 6.7 Medium2020-08-14

本页汇总了 composer 厂商截至目前公开的全部 11 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。