/
DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2024-35242

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-35242

CGA ID

CGA-cf8c-xqvc-jhcx

Severity

Unknown

Description

Composer is a dependency manager for PHP. On the 2.x branch prior to versions 2.2.24 and 2.7.7, the composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. This requires cloning untrusted repositories. Patches are available in version 2.2.24 for 2.2 LTS or 2.7.7 for mainline. As a workaround, avoid cloning potentially compromised repositories.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs