网安资讯详情 - SecLens 情报雷达

网安资讯,一网打尽。汇集权威漏洞通告与行业要闻,结合分组浏览、智能过滤、RSS订阅 和 Webhook 推送,多通道拓展您的安全情报视野。

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

来源: the_hacker_news · 发布时间 2026-04-14 23:57 (UTC+08:00) · 抓取时间 2026-04-16 19:01 (UTC+08:00)

原文链接

摘要

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below - CVE-2026-40176 (CVSS

扩展字段

{
  "categories": [],
  "guid": "https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html"
}