github.com/google/fscrypt is vulnerable to OS command injection. The vulnerability exists in fscrypt_mountpoints
function of fscrypt_bash_completion
because the “compgen -W” is not single quoted which allows an attacker to inject and execute untrusted arbitrary strings.