XoanOuteiro / recon-toupa

A swiss-knife tool for Bug Hunting & Web Pentesting reconnaissance.
MIT License

--url parameter is vulnerable to injections #2

Open XoanOuteiro opened 3 months ago

XoanOuteiro commented 3 months ago

Using a single quote in the -u parameter will break the application logic, leaving it waiting for the user to input secondary actions. As this is harmless as long as the file has no root permissions, it'll not be fixed quickly.

XoanOuteiro commented 3 months ago

The full range of the vulnerability has not been assessed; any help with the exploitation capabilities will be appreciated. If a researcher is able to prove impact, comment it here, and I'll make sure to promptly patch it.
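
The symptom reported in this issue (a single quote leaving the program waiting for more input) is what a POSIX shell does with an unbalanced quote. The following is an added example, not code from recon-toupa, whose source is not shown on this page. It assumes the URL is interpolated into a shell command string; `example-scanner` and its `--target` flag are hypothetical stand-ins for whatever the tool runs downstream.

```python
import shlex
from urllib.parse import urlsplit

DOWNSTREAM = "example-scanner"  # hypothetical downstream program


def unsafe_command(url: str) -> str:
    """Pattern to avoid: the URL is pasted into a shell command string."""
    return f"{DOWNSTREAM} --target '{url}'"


def quotes_balanced(command: str) -> bool:
    """True if POSIX-style parsing finds every quote in `command` closed."""
    try:
        shlex.split(command)
        return True
    except ValueError:  # shlex raises "No closing quotation"
        return False


def validate_url(raw: str) -> str:
    """Accept only http(s) URLs with a host and no whitespace/control chars."""
    if any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        raise ValueError("whitespace or control character in URL")
    parts = urlsplit(raw)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("URL must be http(s) and include a host")
    return raw


def safe_argv(url: str) -> list:
    """Hardened form: the URL is one argv element, never parsed by a shell.

    Intended for subprocess.run(safe_argv(url)) with the default shell=False.
    """
    return [DOWNSTREAM, "--target", validate_url(url)]


if __name__ == "__main__":
    # Constructed sample inputs (example.test is a reserved test domain).
    for sample in ("http://example.test/", "http://example.test/a'b"):
        print(repr(sample))
        print("  shell string balanced:", quotes_balanced(unsafe_command(sample)))
        print("  argv form:", safe_argv(sample))
```

With the argv form, a quote in the URL is plain data, so the only validation still needed is that the value is the kind of URL the tool expects.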