Announcement

Collapse
No announcement yet.

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

    The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack.
    "A vulnerability in such a central component, serving more than 100 million package metadata requests per month, has a huge impact as this access could have been used to steal maintainers' credentials or to redirect package downloads to third-party servers delivering backdoored dependencies," SonarSource said.
    A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks
    https://thehackernews.com
    A New Critical PHP Composer Bug Could Enable Widespread Supply-Chain Attacks — PATCH it Now!
    Certified Security Geek
    Tags: composer, cve-2021-29472, news, php, supply-chain attack
    Previous template Next
    Working...
    X
    😀
    🥰
    🤢
    😎
    😡
    👍
    👎

    We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

    By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

    I Agree