
CVE-2021-29472

Published: 27/04/2021 Updated: 12/05/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

It was discovered that composer, a dependency manager for PHP, did not properly sanitize Mercurial URLs, which could lead to arbitrary code execution. For the stable distribution (buster), this problem has been fixed in version 1.8.4-1+deb10u1. We recommend that you upgrade your composer packages. For the detailed security status of composer please refer to its security tracker page at: security-tracker.debian.org/tracker/composer


Vendor Advisories

A security issue was found in Composer before versions 1.10.22 and 2.0.13. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directl ...