Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables. https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944 https://github.com/89luca89/distrobox/issues/1275
Created distrobox tracking bugs for this issue: Affects: epel-8 [bug 2270917] Affects: fedora-all [bug 2270918]
Sorry, I missed this report and I updated the package without using the template to for the 'fedpkg update' request Issue was solved on 1.7.0.1 Please close this bug