All versions of umount
are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec
call on the umount
function . This may allow attackers to execute arbitrary code in the system if the device
value passed to the function is user-controlled.
No fix is currently available. Consider using an alternative package until a fix is made available.