CVE-2024-29864 – Gentoo Linux Security Advisory 202412-18

https://notcve.org/view.php?id=CVE-2024-29864

21 Mar 2024 — Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. Distrobox anterior a 1.7.0.1 permite a los atacantes ejecutar código arbitrario mediante la inyección de comandos en ejecutables exportados. A vulnerability has been discovered in Distrobox, which can lead to arbitrary code execution. Versions greater than or equal to 1.7.0.1 are affected. • https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •