File php-composer2-CVE-2024-35241.patch of Package php-composer2.34329
--- a/src/Composer/Downloader/GitDownloader.php
+++ b/src/Composer/Downloader/GitDownloader.php
@@ -294,9 +294,9 @@ if ($branchNotFoundError) {
$unpushedChanges = null;
}
foreach ($remoteBranches as $remoteBranch) {
-$command = sprintf('git diff --name-status %s...%s --', $remoteBranch, $branch);
+$command = ['git', 'diff', '--name-status', $remoteBranch.'...'.$branch, '--'];
if (0 !== $this->process->execute($command, $output, $path)) {
-throw new \RuntimeException('Failed to execute ' . $command . "\n\n" . $this->process->getErrorOutput());
+throw new \RuntimeException('Failed to execute ' . implode(' ', $command) . "\n\n" . $this->process->getErrorOutput());
}
$output = trim($output);