Affected versions of this package are vulnerable to Improper Neutralization. URLs for Mercurial repositories in the root
composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the
hg/Mercurial is installed on the system.
composer/composer to version 2.0.13, 1.10.22 or higher.