@pradeeban
File: fri/server/main.py
Severity: CRITICAL
The /contribute endpoint passes user-supplied JSON directly to subprocess.check_output() with shell=True:
```python
# shell=True hands the argument list to /bin/sh instead of exec'ing it directly
proc = check_output(["contribute", STUDY_NAME, BRANCH_NAME, PR_BODY],
                    cwd=concore_path, shell=True)
```
An attacker can send `{"branch": "main & rm -rf /"}` to execute arbitrary system commands on the server. The `/library` endpoint has the same vulnerability.
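The remediation pattern for both endpoints, as an added example rather than code from the `fri` project: validate the user-controlled field against an allow-list and call `check_output` with a plain argv list and no `shell=True`, so metacharacters are never interpreted. The `printf` stand-in for the real `contribute` command is an assumption made so the effect is observable offline.

```python
import re
import subprocess

# Allow-list for a git branch name: letters, digits, '.', '_', '-', '/'.
# This rejects shell metacharacters such as '&', ';', '|', '$', '`', quotes and spaces.
BRANCH_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,254}$")


def validate_branch(branch):
    """Return the branch name unchanged if it is acceptable; raise ValueError otherwise."""
    if not isinstance(branch, str) or not BRANCH_RE.fullmatch(branch):
        raise ValueError("invalid branch name")
    # Reject forms git itself refuses, which also keeps '..' traversal out.
    if ".." in branch or branch.endswith("/") or branch.endswith(".lock"):
        raise ValueError("invalid branch name")
    return branch


def branch_is_accepted(branch):
    """Boolean wrapper around validate_branch for callers that only need a verdict."""
    try:
        validate_branch(branch)
        return True
    except ValueError:
        return False


def run_contribute(study, branch, body, tool=("printf", "%s\n")):
    """Run the contribute tool with argv passed straight to execve (no shell).

    `tool` is a stand-in for the real `contribute` command (assumption: it takes
    study, branch and body as positional arguments). The default, printf, just
    echoes each argument on its own line so the result can be inspected.
    """
    argv = [*tool, study, validate_branch(branch), body]
    # shell=False is the default: nothing here is parsed by /bin/sh.
    return subprocess.check_output(argv, text=True)


def echo_literal(arg):
    """Show that without a shell even a hostile string is passed through verbatim."""
    return subprocess.check_output(["printf", "%s\n", arg], text=True)
```

Validation is the primary control; dropping `shell=True` is defence in depth so that a string the allow-list somehow lets through still reaches the tool as one inert argument.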