Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Packistry accepts expired access tokens
Vulnerability Description
Packistry is a self-hosted Composer repository designed to handle PHP package distribution. Prior to version 0.13.0, RepositoryAwareController::authorize() verified token presence and ability, but did not enforce token expiration. As a result, an expired deploy token with the correct ability could still access repository endpoints (e.g., Composer metadata/download APIs). The fix in version 0.13.0 adds an explicit expiration check, and tests now test expired deploy tokens to ensure they are rejected.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Packistry 代码问题漏洞
Vulnerability Description
Packistry是Packistry开源的一个自托管的Composer仓库。 Packistry 0.13.0之前版本存在代码问题漏洞,该漏洞源于未强制执行令牌过期检查,可能导致未经授权的访问。
CVSS Information
N/A
Vulnerability Type
N/A