An issue was discovered in zsh before 5.6. The beginning of a #! script file was mishandled, potentially leading to an execve call to a program named on the second line.
Created zsh tracking bugs for this issue:
Affects: fedora-all [bug 1626190]
Closing this as NOTABUG and asked to MITRE to reject the CVE. Executing the second line of a script is not a security issue, since in the moment you execute a script you already expect all commands inside it to be executed.
Red Hat Product Security determined that this flaw was not a security vulnerability. See the Bugzilla link for more details.