Lookup for vulnerable packages by Package URL.

Purl pkg:composer/composer/composer@2.3.0-rc1
Type composer
Namespace composer
Name composer
Version 2.3.0-rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.9.6
Latest_non_vulnerable_version 2.10.0-RC1
Affected_by_vulnerabilities
0
url VCID-2pwj-7xfy-zkh3
vulnerability_id VCID-2pwj-7xfy-zkh3
summary
Inclusion of Functionality from Untrusted Control Sphere
Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, pipelines which may execute Composer on untrusted projects, shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:
```sh
rm vendor/composer/installed.php vendor/composer/InstalledVersions.php
composer install --no-scripts --no-plugins
```
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24821
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32337
published_at 2026-06-06T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32269
published_at 2026-06-08T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32299
published_at 2026-06-07T12:55:00Z
3
value 0.00132
scoring_system epss
scoring_elements 0.32367
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24821
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24821
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24821
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/composer/composer
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer
4
reference_url https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-11T18:11:46Z/
url https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5
5
reference_url https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24821
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24821
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063603
reference_id 1063603
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063603
8
reference_url https://github.com/advisories/GHSA-7c6p-848j-wh5h
reference_id GHSA-7c6p-848j-wh5h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7c6p-848j-wh5h
9
reference_url https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
reference_id GHSA-7c6p-848j-wh5h
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-02-11T18:11:46Z/
url https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h
10
reference_url https://usn.ubuntu.com/7603-1/
reference_id USN-7603-1
reference_type
scores
url https://usn.ubuntu.com/7603-1/
fixed_packages
0
url pkg:composer/composer/composer@2.7.0
purl pkg:composer/composer/composer@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sk6-xbn9-q7es
1
vulnerability VCID-52e4-4t6n-p3e9
2
vulnerability VCID-hnah-ry8y-77d6
3
vulnerability VCID-q7kj-g74r-s7ec
4
vulnerability VCID-v9rg-9gpu-23h6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.7.0
aliases CVE-2024-24821, GHSA-7c6p-848j-wh5h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2pwj-7xfy-zkh3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/composer/composer@2.3.0-rc1