
CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Nov 2024 — Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). Qualys discovered that needrestart passed unsanitized data to a library which expects safe input. A local attacker could possibly use this issue to execute arbitrary code as root. Qualys discovered that the library libmodul... • https://packetstorm.news/files/id/182765 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')