nadesiko3 is vulnerable to OS command injection. The vulnerability exists due to compression and decompression which allows an attacker to inject and execute arbitrary commands.
github.com/kujirahand/nadesiko3/commit/56ccfb2f9cceaec83e6a9d3024c3ba8c54ebe1a4
github.com/kujirahand/nadesiko3/commit/bb6dcb43efa109edd8165fce92277fc8806c77d4
github.com/kujirahand/nadesiko3/issues/1325
github.com/kujirahand/nadesiko3/issues/1347
github.com/kujirahand/nadesiko3/releases/tag/3.3.62
github.com/kujirahand/nadesiko3/releases/tag/3.3.69
jvn.jp/en/jp/JVN56968681/index.html