Openshift has shell command injection flaws due to unsanitized data being passed into shell commands.
redhat openshift 1.0
redhat openshift 2.0