From 4fb187f4b621f21c0995813a50ecde4bc506b411 Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Thu, 21 May 2026 13:27:16 +0000
Subject: [PATCH] fix(security): autofix Unsafe exec usage can lead to remote code execution
---
 composer/Composer.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/composer/Composer.php b/composer/Composer.php
index 09f4fdf0ec45..aef45973f361 100644
--- a/composer/Composer.php
+++ b/composer/Composer.php
@@ -83,7 +83,7 @@ protected static function setTemplateProjectStability(string $root, string $vers
 $templateProjectPaths = static::composerSubprojectPaths($root, 'Template');
 foreach ($templateProjectPaths as $path) {
 $dir = dirname($path);
- exec("composer --working-dir=$dir config minimum-stability $stability", $output, $status);
+ exec("composer --working-dir=" . escapeshellarg($dir) . " config minimum-stability " . escapeshellarg($stability), $output, $status);
 if ($status) {
 throw new \Exception('Could not set minimum-stability for template project ' . basename($dir));
 }
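Review bot: On the added `exec()` line, `$stability` is quoted but never checked against the values Composer accepts, and its derivation lies outside this hunk, as do the start and end of `setTemplateProjectStability()`. Unless an earlier line already constrains it, add before the loop `if (!in_array($stability, ['dev', 'alpha', 'beta', 'RC', 'stable'], true)) { throw new \InvalidArgumentException('Unsupported stability'); }` so an unexpected value fails here rather than inside Composer. `escapeshellarg()` neutralises shell metacharacters in `$dir` and `$stability`, but the command still goes through a shell; array-form `proc_open()` would avoid the shell entirely where the supported PHP version allows it. `$output` is also appended to on every iteration and left out of the exception, so a failed run reports nothing Composer printed; resetting it per iteration and including it in the message would make failures diagnosable.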