CVE-2023-38336 Information

Description

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem a related issue to CVE-2006-0225 CVE-2019-7283 and CVE-2020-15778.

Reference

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039689