View Issue Details

IDProjectCategoryView StatusLast Update
0007600OXID eShop (all versions)4.04. Securitypublic2024-06-25 10:37
Reportermichael_keiluweit Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version7.0.1 
Fixed in Version7.0.2 
Summary0007600: Metapackages 6.3, 6.4, 6.5 and 7.0 containing an unsecure package version of composer/composer
Descriptionhttps://blog.packagist.com/composer-2-7-and-cve-2024-24821/

The package composer/composer with the version >=2.0,<2.2.23 || >=2.3,<2.7 loads arbitrary code from generated files, which allows code execution and possible privilege escalation.

The package composer/composer is needed by the framework and must to be updated by releasing a new metapackage version.

See link for further information.
TagsNo tags attached.
ThemeNot defined
BrowserNot defined
PHP VersionNot defined
Database VersionNot defined