Impact
The composer install command running inside a git/hg repository which has specially crafted branch names can lead to command injection. So this requires cloning untrusted repositories.
Patches
2.2.24 for 2.2 LTS or 2.7.7 for mainline
Workarounds
Avoid cloning potentially compromised repositories.
Impact
The
composer installcommand running inside a git/hg repository which has specially crafted branch names can lead to command injection. So this requires cloning untrusted repositories.Patches
2.2.24 for 2.2 LTS or 2.7.7 for mainline
Workarounds
Avoid cloning potentially compromised repositories.