Description

A composer.lock file was discovered in this directory. Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. After installing the dependencies, Composer writes the list of the exact versions it installed into a composer.lock file. This locks the project to those specific versions.

Invicti analyzed all the project dependencies listed in the composer.lock file and found one or more project dependencies with known vulnerabilities. It's recommended to upgrade all the vulnerable packages to the latest versions.

Remediation

Upgrade each vulnerable package to the latest version.

References

Composer Basic usage

Related Vulnerabilities

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-6931)

Oracle JRE CVE-2013-0437 Vulnerability (CVE-2013-0437)

WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)

PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-43789)

Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9518)

Severity

High

Classification

CWE-937 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Missing Update