The vulnerability of the getUnpushedChanges() function in the dependency manager for PHP Composer allows a hacker to execute arbitrary commands.

The vulnerability of the getUnpushedChanges function in the PHP Composer dependency manager is related to the improper elimination of special elements. Exploiting this vulnerability could allow an attacker to execute arbitrary commands using the status, reinstall, and remove commands...