A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks


  • A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

    The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack.
    "A vulnerability in such a central component, serving more than 100 million package metadata requests per month, has a huge impact as this access could have been used to steal maintainers' credentials or to redirect package downloads to third-party servers delivering backdoored dependencies," SonarSource said.
    A New Critical PHP Composer Bug Could Enable Widespread Supply-Chain Attacks — PATCH it Now!
    Certified Security Geek