Tag
Composer is vulnerable to command injection via a malicious Perforce repository due to improper escaping of user-supplied Perforce connection parameters, potentially leading to arbitrary command execution in the context of the user running Composer.