GHSA-frqg-7g38-6gcf

GitHub Security Advisory

Improper escaping of command arguments on Windows leading to command injection

✓ GitHub Reviewed | Severity: HIGH | Has CVE

Advisory Details

### Impact
Windows users who run Composer to install untrusted dependencies are affected and should upgrade. Other operating systems and WSL are not affected.

### Patches
Versions 1.10.23 and 2.1.9 fix the issue.

### Workarounds
None

Affected Packages

Packagist composer/composer
Affected versions: 0 (fixed in 1.10.23)
Packagist composer/composer
Affected versions: 2.0.0-alpha1 (fixed in 2.1.9)

Related CVEs

Key Information

GHSA ID: GHSA-frqg-7g38-6gcf
Published: October 5, 2021 8:23 PM
Last Modified: October 11, 2021 6:39 PM
CVSS Score: 7.5/10
Primary Ecosystem: Packagist
Primary Package: composer/composer
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 5, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.