PHP Improper Encoding or Escaping of Output Vulnerability - CVE-2024-5585 - Vulnerability Database

High
Reference: CVE-2024-5585
Title: PHP Improper Encoding or Escaping of Output Vulnerability
Overview:

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
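
A defensive check built from the overview above, as an added example that is not code from PHP or from this database: it reports whether a PHP version falls in the listed ranges and refuses array-syntax commands whose program name ends in whitespace. The names affected_by_cve_2024_5585() and guarded_proc_open() are hypothetical, and the sample versions are constructed.

```php
<?php
declare(strict_types=1);

// First fixed release per branch, taken from the advisory text.
const FIXED_IN = ['8.1' => '8.1.29', '8.2' => '8.2.20', '8.3' => '8.3.8'];

/**
 * true  = version is in an affected range from the advisory
 * false = version is at or past the fixed release for its branch
 * null  = branch is not listed in the advisory, so no verdict is given
 */
function affected_by_cve_2024_5585(string $version): ?bool
{
    if (!preg_match('/^(\d+\.\d+)\.\d+/', $version, $m)
        || !array_key_exists($m[1], FIXED_IN)) {
        return null;
    }
    return version_compare($version, FIXED_IN[$m[1]], '<');
}

/**
 * Hypothetical wrapper around proc_open() array syntax. It rejects a program
 * name with trailing whitespace (the advisory names trailing spaces; rtrim()
 * also catches tabs, newlines and NUL), then warns on Windows when the
 * running PHP is not a release the advisory lists as fixed.
 */
function guarded_proc_open(array $command, array $spec, &$pipes)
{
    if (!isset($command[0]) || !is_string($command[0])) {
        throw new InvalidArgumentException('command must be a list of strings');
    }
    if ($command[0] !== rtrim($command[0])) {
        throw new InvalidArgumentException('command name has trailing whitespace');
    }
    if (PHP_OS_FAMILY === 'Windows' && affected_by_cve_2024_5585(PHP_VERSION) !== false) {
        trigger_error('PHP ' . PHP_VERSION . ' is not listed as fixed', E_USER_WARNING);
    }
    return proc_open($command, $spec, $pipes);
}

// Constructed sample versions for the range check.
foreach (['8.1.28', '8.1.29', '8.2.19', '8.3.8', '7.4.33'] as $v) {
    printf("%-7s %s\n", $v, var_export(affected_by_cve_2024_5585($v), true));
}
```

The wrapper only blocks the trailing-whitespace condition named in the overview; moving to 8.1.29, 8.2.20 or 8.3.8 is what removes the affected code.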