unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Unp | Debian | * | 1.0.12 |