[MEDIUM] Symfony's incorrect argument escaping under MSYS2/Git Bash can lead to destructive file operations on Windows

PKSA-2xjm-ff52-fzd5 CVE-2026-24739 GHSA-r39x-jcww-82v6

Affected package: symfony/symfony

Affected version: >=8.0,<8.0.5|>=7.4,<7.4.5|>=7.3,<7.3.11|>=6.4,<6.4.33|<5.4.51

Reported by:
GitHub