Description

A installed.json file was discovered. Composer is a tool for dependency management in PHP. It allows you to declare the libraries your project depends on and it will manage (install/update) them for you. After installing the dependencies, Composer stores the list of them in a special file for internal purposes.

As the file is publicly accessible, it leads to disclosure of information about components used by the web application.

Remediation

Restrict access to vendors directory

References

Composer Basic usage

Related Vulnerabilities

WordPress Plugin Aspose Cloud eBook Generator Arbitrary File Download (1.0)

Rails application running in development mode

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.3)

WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.15)

WordPress Plugin Easy Author Image Information Disclosure (1.5)

Severity

Low

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Tags

Information Disclosure