Description

A installed.json file was discovered. Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. After installing the dependencies, Composer stores the list of them in a special file for internal purposes.

As the file is publicly accessible, it leads to disclosure of information about components used by the web application.

Remediation

Restrict access to vendors directory

References

Composer Basic usage

Related Vulnerabilities

WordPress Plugin Clone Information Disclosure (2.4.2)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Information Disclosure (5.1.2)

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

WordPress Plugin ShareYourCart Information Disclosure (1.6.1)

WordPress Plugin Pike Firewall Information Disclosure (1.4)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure