Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Pine | University_of_washington | 4.20 (including) | 4.20 (including) |
Pine | University_of_washington | 4.21 (including) | 4.21 (including) |