PHP Supply Chain Attack on Composer

We discussed this vulnerability during Episode 75 on 04 May 2021

Composer queries Packagist for metadata about the package to download, including where to fetch the code from (both the source repository and pre-built archives). Rather than implementing the various version control systems itself, Composer calls out to the respective program. It escapes the URL to prevent command injection, but it does not ensure that the URL is actually a URL, which opens those calls up to argument injection. They found that hg (Mercurial) could be leveraged for code execution.
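The distinction between command injection and argument injection is the core of the bug, so here is an added example (not Composer's or Packagist's code; the function names, the scheme allow-list and the sample inputs are all constructed for illustration). It builds the command string the way an escaping-only approach would, reproduces what the VCS program actually receives, and then shows a validation step that rejects non-URL values before they ever reach argv:

```python
import shlex
from urllib.parse import urlsplit

# Constructed allow-list for this example; a real fetcher would derive its
# accepted schemes from the VCS drivers it supports.
ALLOWED_SCHEMES = {"https", "http", "ssh", "git"}


def build_command_string(vcs_binary, url):
    """Escaping-only approach: the URL is shell-quoted, which is enough to
    stop command injection, but the quoted token is still handed to the
    program unchanged."""
    return "%s clone %s" % (vcs_binary, shlex.quote(url))


def argv_seen_by_program(command):
    """Reproduce how the shell would tokenise the command, i.e. the argv the
    VCS program receives after quoting is removed."""
    return shlex.split(command)


def is_argument_injection(url):
    """A value that survives escaping but starts with '-' is parsed by the
    called program as an option, not as a repository location."""
    argv = argv_seen_by_program(build_command_string("hg", url))
    return argv[2].startswith("-")


def validate_source_url(url):
    """Reject anything that is not a plausible URL before it reaches argv.
    This is the check the page says was missing: escaping alone does not
    establish that the value is a URL at all."""
    if not url or url.startswith("-"):
        return False
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    if not parts.netloc:
        return False
    return True


def safe_clone_argv(vcs_binary, url):
    """Build argv directly (no shell) and terminate option parsing with '--'
    so that, for programs honouring that convention, the URL is always
    positional even if validation is later relaxed."""
    if not validate_source_url(url):
        raise ValueError("refusing non-URL source: %r" % (url,))
    return [vcs_binary, "clone", "--", url]


if __name__ == "__main__":
    # Constructed samples: a legitimate source, a shell metacharacter attempt
    # (defeated by escaping) and an option-looking value (not defeated).
    for sample in ("https://example.com/vendor/pkg",
                   "repo; echo injected",
                   "--some-option"):
        print(sample, "->", argv_seen_by_program(build_command_string("hg", sample)),
              "argument injection:", is_argument_injection(sample),
              "valid URL:", validate_source_url(sample))
```

The second sample shows why the escaping was not useless: the metacharacters stay inside a single argv token, so no extra command runs. The third sample shows the gap: `shlex.quote` leaves a bare `--some-option` untouched, and the program interprets it as an option. Note that the validator as written also rejects scp-style `user@host:path` locations, which have no scheme; a real implementation would need an explicit rule for those rather than loosening the check.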