Wind4 / vlmcsd

KMS Emulator in C (currently runs on Linux including Android, FreeBSD, Solaris, Minix, Mac OS, iOS, Windows with or without Cygwin)
https://forums.mydigitallife.net/threads/50234
8.35k stars, 2.22k forks

Possible OS Command Injection #54

Closed jishanshaikh4 closed 3 years ago

jishanshaikh4 commented 3 years ago

This causes a new process to execute and is difficult to use safely.

Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.

LABEL: Bug
SEVERITY: Major
SOLUTION: Application path in first argument
COMMON WEAKNESS ENUMERATION INDEX: CWE-78

Instances found in the GitHub repository:

ChlorideCull commented 3 years ago

It's generally considered rude to file issues originating from automatic tools without verifying their validity. There are no attacker-controlled values in use in the two listed locations.
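The following is an added example, not part of the thread and not code from vlmcsd. It assumes the scanner warning quoted in the issue refers to the Win32 `CreateProcess` call (the thread does not name the function) and models that call's documented module-name search in portable C, so a reviewer can see which names a given call could resolve to. `candidate_modules` and the sample command line are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEN 260

/* Documented rule for lpCommandLine: a final component without an
   extension gets ".exe" appended. */
static void default_ext(char *p) {
    const char *base = strrchr(p, '\\');
    base = base ? base + 1 : p;
    if (!strchr(base, '.') && strlen(p) + 4 < MAX_LEN) strcat(p, ".exe");
}

static int put(char out[][MAX_LEN], int n, const char *s, size_t len, int ext) {
    if (len + 4 >= MAX_LEN) return n;          /* too long to record */
    memcpy(out[n], s, len);
    out[n][len] = '\0';
    if (ext) default_ext(out[n]);
    return n + 1;
}

/* Lists, in search order, the module names that may be tried for a
   CreateProcess(app, cmdline, ...) call. This is an upper bound: the real
   search stops at the first candidate that exists. Returns the count. */
int candidate_modules(const char *app, const char *cmdline,
                      char out[][MAX_LEN], int max) {
    int n = 0;
    if (max < 1) return 0;
    if (app) return put(out, 0, app, strlen(app), 0);  /* used verbatim */
    if (!cmdline || !cmdline[0]) return 0;
    if (cmdline[0] == '"') {                   /* quotes mark where the name ends */
        const char *end = strchr(cmdline + 1, '"');
        size_t len = end ? (size_t)(end - cmdline - 1) : strlen(cmdline + 1);
        return put(out, 0, cmdline + 1, len, 1);
    }
    for (size_t i = 1; n < max; i++) {         /* unquoted: each prefix is tried */
        if (cmdline[i] == ' ' || cmdline[i] == '\0')
            n = put(out, n, cmdline, i, 1);
        if (cmdline[i] == '\0') break;
    }
    return n;
}

int main(void) {
    char out[8][MAX_LEN];
    /* Constructed sample command line, not taken from vlmcsd. */
    int n = candidate_modules(NULL, "C:\\Program Files\\App\\tool.exe -v", out, 8);
    for (int i = 0; i < n; i++) printf("%d: %s\n", i + 1, out[i]);
    return 0;
}
```

A call is unambiguous when the function returns a single candidate, which is the case both for an explicit application path in the first argument and for a quoted path at the start of the command line.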