canto_curses/guibase.py in Canto Curses prior to 0.9.0 allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canto canto curses |
||
canto canto curses 0.9.0 |
||
canto canto curses 0.8.4 |