Source |
The Hacker News |
Identifier |
2715293 |
Publication date |
2021-04-29 08:27:33 (seen: 2021-04-29 16:05:49) |
Title |
A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks |
Text |
The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and "backdoor every PHP package," resulting in a supply-chain attack.
Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix was |
Notes |
|
Sent |
Yes |
Tags |
Vulnerability
|
Stories |
|
Move |
|
Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2021-04-29 21:28:53 |
(Already seen) Command injection flaw in PHP Composer allowed supply-chain attacks (direct link) |
A vulnerability in the PHP Composer could have allowed an attacker to execute arbitrary commands and backdoor every PHP package. The maintainers of the PHP Composer package have addressed a critical vulnerability, tracked as CVE-2021-29472, that could have allowed an attacker to execute arbitrary commands and establish a backdoor in every PHP package. Composer is the major […]
|
Vulnerability
|
|
|