oss-sec mailing list archives
Insufficient TLS Protection in Composer (PHP)
From: Pádraic Brady <padraic.brady () gmail com>
Date: Sat, 25 Apr 2015 19:49:54 +0100
My I request a CVE ID for the following, which is a publicly disclosed unpatched vulnerability on Composer's issue tracker since 2012. Composer is an open source package manager for PHP. The specific issue pertaining to this request is a failure to perform TLS peer verification on remote requests when making any API request or retrieving any file, i.e. there is a singular client class. Ref: https://github.com/composer/composer/issues/1074 Kind regards, Paddy -- Pádraic Brady
Current thread:
- Insufficient TLS Protection in Composer (PHP) Pádraic Brady (Apr 25)