Flyingmana

**Name of the Vulnerable Software and Affected Versions** Composer versions through 1.0.0-alpha11 **Description** The issue allows cache poisoning from other projects built on the same host, resulting in attacker-controlled code entering a server-side build process. This occurs because of the way that dist packages are cached, with the cache key derived from the package name, the dist type, and certain other data from the package repository, such as a commit hash that can be found by an attacker. **Recommendations** For versions through 1.0.0-alpha11, update to version 1.0.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OpenMage versions prior to 19.4.6 OpenMage versions prior to 20.0.2 **Description** This issue allows attackers to circumvent the `fromkey protection` in the Admin Interface, increasing the attack surface for Cross Site Request Forgery attacks. **Recommendations** For versions prior to 19.4.6, update to version 19.4.6 or later. For versions prior to 20.0.2, update to version 20.0.2 or later. As a temporary workaround, consider restricting access to the Admin Interface to minimize the risk of exploitation.