CVE-2021-41116
Published: 05 October 2021
Summary
CVE-2021-41116 is a high-severity Command Injection (CWE-77) vulnerability in Getcomposer Composer. Its CVSS base score is 8.2 (High).
Operationally, it ranks in the top 23.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-2198
Vulnerability details
Composer is an open source dependency manager for the PHP language. In affected versions, Windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their Composer version. Other OSs and WSL are not affected. The issue has been resolved in Composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.