CNNVD-202512-5109 Information
CNNVD ID
CNNVD-202512-5109
Related CVE
-
CNNVD Published: 2025-12-30
Description
Composer is an open-source application from Composer. It provides a way to declare, manage and install the dependencies of PHP projects. Composer versions before 2.2.26 and before 2.9.3 contain an injection vulnerability: an attacker may be able to inject ANSI control characters, which can garble terminal output or cause a denial of service.
Hazard Level
High
Vulnerability Type
Injection
Affected Vendor
Composer
Published
2025-12-30
Last Modified
2026-02-24
References
https://github.com/composer/composer/commit/1d40a95c9d39a6b7f80d404ab30336c586da9917
https://github.com/composer/composer/commit/5db1876a76fdef76d3c4f8a27995c434c7a43e71
https://github.com/composer/composer/releases/tag/2.2.26
https://github.com/composer/composer/releases/tag/2.9.3
https://github.com/composer/composer/security/advisories/GHSA-59pp-r3rg-353g
Patch
https://getcomposer.org/doc/00-intro.md