Description

A installed.json file was discovered. Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. After installing the dependencies, Composer stores the list of them in a special file for internal purposes.

As the file is publicly accessible, it leads to disclosure of information about components used by the web application.

Remediation

Restrict access to vendors directory

References

Composer Basic usage

Related Vulnerabilities

Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)

WordPress Plugin Stop User Enumeration User Enumeration (1.3.8)

WordPress Plugin IgniteUp-Coming Soon and Maintenance Mode Multiple Vulnerabilities (3.4)

Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790)

Phpfastcache phpinfo publicly accessible (CVE-2021-37704)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure