Merge pull request #593 from stof/patch-1

fabpot · web-flow · commit 179e2b97aa48 · 2021-10-20T10:03:44.000+02:00
Add CVE-2021-41116 for composer
diff --git a/composer/composer/CVE-2021-41116.yaml b/composer/composer/CVE-2021-41116.yaml
@@ -0,0 +1,11 @@
+title:     Improper escaping of command arguments on Windows leading to command injection
+link:      https://github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
+cve:       CVE-2021-41116
+branches:
+    2.x:
+        time:     2021-10-05 07:39:00
+        versions: ['>=2.0.0-alpha1', '<2.1.9']
+    1.10.x:
+        time:     2021-10-05 07:39:00
+        versions: ['<1.10.23']
+reference: composer://composer/composer
