Composer Packages Exposure

A composer package manager file revealing project dependency structure was discovered.

  • php
  • composer
  • packages
  • package manager
  • exposure

Composer is a dependency manager for PHP. It allows you to declare the libraries your project depends on, and it will manage (install/update) them for you.

Impact

Composer artefacts such as composer.json and composer.lock can reveal the presence of internal software dependencies, their versions, directory layout and other sensitive information that can be used by attackers.

Solution

Ensure that all build artefacts such as composer.json and composer.lock are removed prior to publishing your solution.
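One way to enforce this as a pre-publish gate, as an added example that is not part of the original page: a small POSIX shell script that scans the directory about to be published for composer.json and composer.lock and fails the build if any are present. The web-root path argument and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-publish check for Composer
# artefacts. Assumes the directory to be published is passed as the first
# argument (defaults to the current directory).

# Print every composer.json / composer.lock found under the given root,
# one path per line, sorted for stable output.
list_composer_artefacts() {
    root="${1:-.}"
    find "$root" \( -name composer.json -o -name composer.lock \) -type f 2>/dev/null | sort
}

# Print the number of artefacts found (whitespace stripped so it is safe
# to compare numerically in any sh).
count_composer_artefacts() {
    list_composer_artefacts "$1" | grep -c ''
}

# Exit status 0 when the root is clean, 1 when artefacts are present.
# Paths are reported on stderr so CI logs show exactly what to remove.
check_composer_artefacts() {
    root="${1:-.}"
    found=$(list_composer_artefacts "$root")
    if [ -n "$found" ]; then
        printf 'Composer artefacts present in %s:\n%s\n' "$root" "$found" >&2
        return 1
    fi
    return 0
}

# Usage from a CI pipeline, before the publish step:
#   check_composer_artefacts /path/to/webroot || exit 1
```

The check runs against the exact tree that will be served, so it also catches copies of composer.json that a build step placed in a subdirectory rather than only the project root.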
