liferea is vulnerable to Command Injection. The vulnerability exists in the update_job_run
function of update.c
, which allows an attacker to manipulate of the argument source with the input |date >/tmp/bad-item-link.txt
leads to os command injection