scripts/xzgrep.in in xzgrep 5.2.x prior to 5.2.0, prior to 5.0.0 does not properly process file names containing semicolons, which allows remote malicious users to execute arbitrary code by having a user run xzgrep on a crafted file name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
tukaani xz |