Windows users running Composer to install untrusted dependencies are subject to command injection (CVE-2021-41116) and should upgrade. Only the Windows build is affected: there Composer launches helper programs such as git through cmd.exe, whose quoting and variable-expansion rules differ from those of POSIX shells, and "untrusted dependencies" covers any package whose metadata an attacker can influence, including packages pulled by Windows CI agents. Other operating systems and WSL (which runs the Linux build of Composer) are not affected.
Versions 1.10.23 (1.x line) and 2.1.9 (2.x line) fix the issue. Upgrade with composer self-update; installations that must stay on the 1.x line can use composer self-update --1 so the update does not cross into 2.x.
There are no known workarounds; upgrading to a fixed version is the only remediation.
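A check for Windows hosts and CI agents that decides whether an installed Composer is inside the affected range, as an added example that is not Composer's own code. It assumes the fixed versions named above (1.10.23 for 1.x, 2.1.9 for 2.x), that any later major line carries the fix forward, and that composer --version prints a line of the form "Composer version X.Y.Z ...", as released builds do. Versions are compared numerically, so 1.9.3 sorts below 1.10.23 as it should; pre-release builds of a fixed version (for example 2.1.9-RC1) are treated conservatively as unfixed.

```python
"""Classify a Composer version as affected or fixed for CVE-2021-41116.

Example code added to this advisory page; it is not part of Composer.
Assumptions: fixed releases are 1.10.23 (1.x) and 2.1.9 (2.x) as the
advisory states, later major lines carry the fix, and 'composer --version'
prints 'Composer version X.Y.Z ...' on its first line.
"""
import re
import shutil
import subprocess
import sys
from typing import Optional, Tuple

# First fixed release on each supported line, per the advisory.
FIXED = {1: (1, 10, 23), 2: (2, 1, 9)}

# x.y.z with an optional pre-release suffix such as -RC1 or -alpha3.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")


def parse_version(text: str) -> Optional[Tuple[int, int, int, bool]]:
    """Pull the first x.y.z out of a version string or 'composer --version' line.

    Returns (major, minor, patch, is_prerelease), or None if no version is present.
    The build date Composer prints after the version is not of x.y.z form, so it is ignored.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups()[:3])
    return major, minor, patch, m.group(4) is not None


def is_affected(version: str, windows: Optional[bool] = None) -> bool:
    """True if this Composer version is vulnerable to CVE-2021-41116.

    Only Windows is affected. windows=None auto-detects from sys.platform;
    WSL reports itself as Linux and is therefore correctly excluded.
    """
    if windows is None:
        windows = sys.platform.startswith("win")
    if not windows:
        return False
    parsed = parse_version(version)
    if parsed is None:
        raise ValueError(f"no version number found in {version!r}")
    major, minor, patch, prerelease = parsed
    if major < 1:
        return True   # pre-1.0 builds predate the fix entirely
    if major > 2:
        return False  # assumption: later major lines carry the fix forward
    fixed = FIXED[major]
    current = (major, minor, patch)
    if current < fixed:
        return True
    # A pre-release of the fixed version itself (e.g. 2.1.9-RC1) sorts before
    # the release, so treat it conservatively as unfixed.
    return current == fixed and prerelease


def installed_composer_version(composer: str = "composer") -> str:
    """Run 'composer --version --no-ansi' and return its first output line.

    shutil.which honours PATHEXT, so composer.bat / composer.cmd shims are
    found on Windows; CreateProcess can then run the .bat directly.
    """
    path = shutil.which(composer)
    if path is None:
        raise FileNotFoundError(f"{composer} not found on PATH")
    out = subprocess.run([path, "--version", "--no-ansi"],
                         capture_output=True, text=True, check=True).stdout
    return out.splitlines()[0] if out.strip() else ""


if __name__ == "__main__":
    line = installed_composer_version(sys.argv[1] if len(sys.argv) > 1 else "composer")
    affected = is_affected(line)
    verdict = "AFFECTED - upgrade to 1.10.23 / 2.1.9" if affected else "not affected"
    print(f"{line!r}: {verdict}")
    sys.exit(1 if affected else 0)
```

Run it on each Windows build agent (python check.py, or python check.py C:\path\to\composer.bat to point at a specific shim); a non-zero exit marks the host for upgrade. The platform gate is deliberate: running the same script on Linux or inside WSL reports "not affected" regardless of version, matching the advisory's scope.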
github.com/composer/composer
github.com/composer/composer/commit/ca5e2f8d505fd3bfac6f7c85b82f2740becbc0aa
github.com/composer/composer/security/advisories/GHSA-frqg-7g38-6gcf
github.com/FriendsOfPHP/security-advisories/blob/master/composer/composer/CVE-2021-41116.yaml
nvd.nist.gov/vuln/detail/CVE-2021-41116
www.sonarsource.com/blog/securing-developer-tools-package-managers
www.tenable.com/security/tns-2022-09