[HIGH] Improper escaping of command arguments on Windows leading to command injection

PKSA-93hy-9dc1-gbwt CVE-2021-41116 GHSA-frqg-7g38-6gcf

Affected package: composer/composer

Affected version: >=2.0.0-alpha1,<2.1.9|<1.10.23

Reported by:
FriendsOfPHP/security-advisories, GitHub