canto_curses/guibase.py in Canto Curses before 0.9.0...
High severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Description
Published by the National Vulnerability Database
Dec 3, 2014
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Feb 3, 2023
canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
References