May 11, 2021

SpywareNews.com

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

A New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks

The maintainers of Composer, a package manager for PHP, have shipped an update to address a critical vulnerability that could have allowed an attacker to execute arbitrary commands and “backdoor every PHP package,” resulting in a supply-chain attack.
Tracked as CVE-2021-29472, the security issue was discovered and reported on April 22 by researchers from SonarSource, following which a hotfix wasA New PHP Composer Bug Could Enable Widespread Supply-Chain Attacks