Improper Neutralization of Special Elements used in an OS Command in the
podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows
remote attackers to perform user-assisted code execution by crafting an RSS
item with a media enclosure (i.e., a podcast file) that includes shell
metacharacters in its filename, related to pb_controller.cpp and
queueloader.cpp, a different vulnerability than CVE-2017-12904.
More Information

Updated: 2019-03-19 11:22:48 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)