From b93fc6ca437da35ae73d667d0618749c763b67d4 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Mon, 10 Jun 2024 14:56:42 +0200
Subject: [PATCH] Merge pull request from GHSA-47f6-5gq3-vx9c

---
 src/Composer/Downloader/GitDownloader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Composer/Downloader/GitDownloader.php b/src/Composer/Downloader/GitDownloader.php
index 908cb08e7..0552c077f 100644
--- a/src/Composer/Downloader/GitDownloader.php
+++ b/src/Composer/Downloader/GitDownloader.php
@@ -290,7 +290,7 @@ class GitDownloader extends VcsDownloader implements DvcsDownloaderInterface
                     $unpushedChanges = null;
                 }
                 foreach ($remoteBranches as $remoteBranch) {
-                    $command = sprintf('git diff --name-status %s...%s --', $remoteBranch, $branch);
+                    $command = sprintf('git diff --name-status %s --', ProcessExecutor::escape($remoteBranch.'...'.$branch));
                     if (0 !== $this->process->execute($command, $output, $path)) {
                         throw new \RuntimeException('Failed to execute ' . $command . "\n\n" . $this->process->getErrorOutput());
                     }