Security researchers at SonarSource say the flaw could put millions of websites at risk. The flaw affects PHP Composer – a tool used to manage and install software dependencies in the PHP ecosystem. An attacker could trick Composer into downloading the wrong source code by manipulating the URL and then deploy the attackers backdoor on the server running Composer. The vulnerability has been present since the first versions of Packagist appeared 10 years ago, researchers say. The fix was deployed within 12 hours.”]
Source: https://www.cuinfosecurity.com/php-composer-flaw-that-could-affect-millions-sites-patched-a-16523