Security researchers at SonarSource say the flaw could put millions of websites at risk. The flaw affects Composer, a tool used to manage and install software dependencies in the PHP ecosystem. The vulnerability has been present since the first versions of Composer appeared 10 years ago. Security experts recommend that you upgrade Composer; if you use VcsRepository with user-controlled URLs or run your own Packagist instance, make extra sure to upgrade. By manipulating the URL, an attacker could trick Composer into downloading the wrong source code and then deploying the attacker's backdoor.
PHP Composer Flaw That Could Affect Millions of Sites Patched
