Gkrellm · Gkrellm-Newsticker · CVE-2003-0205
Name of the Vulnerable Software and Affected Versions:
gkrellm-newsticker versions before 0.3-3.1
Description:
The vulnerability allows remote attackers to execute arbitrary commands via shell metacharacters in the `ticker title` of a URI. It can be exploited by including malicious input in the title, potentially leading to unauthorized command execution.
Recommendations:
If you run a version before 0.3-3.1, update to version 0.3-3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of URI titles to reduce the risk of exploitation, and keep potentially malicious input out of the `ticker title` until the update is applied.
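The class of bug described above, as an added C example that is not gkrellm-newsticker source code: a title pasted into a shell command line is parsed by the shell, while the same title passed as a single argv entry to an exec call is delivered literally. The names `run_argv` and `title_is_literal`, the `printf` stand-in handler and the sample title are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Illustration only, not the plugin's code. Vulnerable pattern, for contrast
 * (never executed here):
 *     snprintf(cmd, sizeof cmd, "handler %s", title);
 *     system(cmd);    // /bin/sh parses ; | ` $( ) found in title
 */

/* Hardened pattern: exec argv[0] directly, with no shell in between.
 * Child stdout is captured into out; returns the exit status or -1. */
int run_argv(char *const argv[], char *out, size_t outsz)
{
    int fds[2], status;
    size_t n = 0;
    ssize_t r;
    if (outsz == 0 || pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (n < outsz - 1 && (r = read(fds[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Returns 1 when the stand-in handler (printf "%s") receives the title
 * byte-for-byte as a single argument, i.e. nothing in it was interpreted. */
int title_is_literal(const char *title)
{
    char out[256];
    char *const argv[] = { "printf", "%s", (char *)title, NULL };
    return run_argv(argv, out, sizeof out) == 0 && strcmp(out, title) == 0;
}

int main(void)
{
    const char *title = "Headlines; echo INJECTED $(echo X)";  /* constructed */
    printf("literal: %d\n", title_is_literal(title));
    return 0;
}
```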