[HIGH] Composer has multiple command injections via malicious git/hg branch names

PKSA-b8f7-zn44-r4gz CVE-2024-35242 GHSA-v9qv-c7wm-wgmf

Affected package: composer/composer

Affected version: >=2.3,<2.7.7|>=2.0,<2.2.24

Reported by:
GitHub