All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.
smartctl project smartctl