An issue in tiagorlampert CHAOS v5.0.1 allows a remote malicious user to execute arbitrary code via the BuildClient function within client_service.go