The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | <= 6.11.* |