View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007600 | OXID eShop (all versions) | 4.04. Security | public | 2024-02-22 11:37 | 2024-06-25 10:37 |
Reporter | michael_keiluweit | Assigned To | |
Priority | normal | Severity | minor | Reproducibility | always |
Status | resolved | Resolution | fixed |
Product Version | 7.0.1 |
Fixed in Version | 7.0.2 |
Summary | 0007600: Metapackages 6.3, 6.4, 6.5 and 7.0 containing an unsecure package version of composer/composer |
Description | https://blog.packagist.com/composer-2-7-and-cve-2024-24821/ The package composer/composer with the version >=2.0,<2.2.23 || >=2.3,<2.7 loads arbitrary code from generated files, which allows code execution and possible privilege escalation. The package composer/composer is needed by the framework and must be updated by releasing a new metapackage version. See link for further information. |
Tags | No tags attached. | ||||
Theme | Not defined | ||||
Browser | Not defined | ||||
PHP Version | Not defined | ||||
Database Version | Not defined | ||||
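
To check whether an installed shop still pins an affected release, the following added example (not part of the ticket and not OXID or Composer code) reads a `composer.lock` and tests each `composer/composer` entry against the range quoted in the description. The function names and the sample lock content are constructed for illustration; pre-release suffixes are ignored and only the numeric part of the version is compared.

```python
import json
import re

# Affected range as stated in the ticket: >=2.0,<2.2.23 || >=2.3,<2.7
AFFECTED = [((2, 0, 0), (2, 2, 23)), ((2, 3, 0), (2, 7, 0))]


def parse_version(text):
    """Return (major, minor, patch), or None for branch aliases such as dev-main."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True/False for a parsable version, None when it has to be reviewed by hand."""
    v = parse_version(version)
    if v is None:
        return None
    return any(low <= v < high for low, high in AFFECTED)


def audit_lock(lock_text):
    """Return [(version, verdict)] for every composer/composer entry in a composer.lock."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == "composer/composer":
                findings.append((pkg["version"], is_affected(pkg["version"])))
    return findings


# Constructed sample lock file (not taken from an OXID release).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "composer/composer", "version": "2.2.21"},
        {"name": "composer/semver", "version": "3.4.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, verdict in audit_lock(SAMPLE_LOCK):
        state = {True: "AFFECTED", False: "ok", None: "unknown"}[verdict]
        print(f"composer/composer {version}: {state}")
```

Pass the contents of the project's own `composer.lock` to `audit_lock` in place of the sample; an `unknown` verdict means the locked version is a branch alias and has to be checked manually.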