0.019 Low
EPSS
Percentile
88.6%
An issue was discovered in Leptonica through 1.75.3. The gplotMakeOutput function allows command injection via a $(command) approach in the gplot rootname argument. This issue exists because of an incomplete fix for CVE-2018-3836.
bugzilla.redhat.com/show_bug.cgi?id=1549725