weechat -- Arbitrary shell command execution via scripts

2012-11-15T00:00:00
ID 81826D12-317A-11E2-9186-406186F3D89D
Type freebsd
Reporter FreeBSD
Modified 2012-11-18T00:00:00

Description

Sebastien Helleu reports:

Untrusted command for function hook_process could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hook_process (for maximum safety).