Vulnerability Database

Composer Packages Exposure

Composer is a dependency manager for PHP. It allows you to declare the libraries your project depends on, and it will manage (install/update) them for you.

Composer artefacts such as composer.json and composer.lock can reveal the presence of internal software dependencies, their versions, directories and other sensitive information that can be used by attackers.

Solution

Ensure that all build artefacts such as composer.json and composer.lock are removed prior to publishing your solution.
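A pre-publish check for this, as an added example that is not part of the original page: it walks a publish directory, flags any composer.json or composer.lock, and lists the package names, versions and source URLs a leftover lock file would disclose. The sample tree, package names and URL are constructed for illustration; the fields read (`packages`, `packages-dev`, `name`, `version`, `source.url`) are those of Composer's lock file.

```python
import json
import os
import tempfile

ARTEFACTS = {"composer.json", "composer.lock"}

def find_composer_artefacts(publish_root):
    """Return sorted relative paths of Composer artefacts under publish_root."""
    hits = []
    for dirpath, _dirs, files in os.walk(publish_root):
        for name in files:
            if name in ARTEFACTS:
                hits.append(os.path.relpath(os.path.join(dirpath, name), publish_root))
    return sorted(hits)

def disclosed_by_lock(lock_path):
    """List (package, version, source URL) entries a composer.lock would reveal."""
    with open(lock_path, encoding="utf-8") as fh:
        lock = json.load(fh)
    entries = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            url = (pkg.get("source") or {}).get("url", "")
            entries.append((pkg.get("name", "?"), pkg.get("version", "?"), url))
    return entries

def build_sample_tree():
    """Constructed sample publish directory; names and URLs are made up."""
    root = tempfile.mkdtemp(prefix="publish-")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 'ok';\n")
    lock = {"packages": [{"name": "example/internal-billing", "version": "2.3.1",
                          "source": {"type": "git", "url": "https://git.example.internal/billing.git"}}],
            "packages-dev": [{"name": "example/test-helpers", "version": "0.9.0"}]}
    with open(os.path.join(root, "composer.lock"), "w") as fh:
        json.dump(lock, fh)
    with open(os.path.join(root, "composer.json"), "w") as fh:
        json.dump({"require": {"example/internal-billing": "^2.3"}}, fh)
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    found = find_composer_artefacts(root)
    for rel in found:
        print("artefact present:", rel)
        if rel.endswith("composer.lock"):
            for name, version, url in disclosed_by_lock(os.path.join(root, rel)):
                print(f"  discloses {name} {version} {url}")
    raise SystemExit(1 if found else 0)  # non-zero exit fails the publish step
```

Pointed at a real build output directory in a release pipeline, the non-zero exit status stops the publish step while the artefacts are still present.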
