Jared Mcneill

**Name of the Vulnerable Software and Affected Versions** tnftp versions 5.1 through 5.1.4 tnftp versions 5.2 through 5.2.2 tnftp versions 6.0 through 6.0.6 tnftp versions 6.1 through 6.1.5 **Description** The issue allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect. This is due to a problem in the `fetch url` function in `usr.bin/ftp/fetch.c`. **Recommendations** For versions 5.1 through 5.1.4, update to a version that fixes the issue in the `fetch url` function. For versions 5.2 through 5.2.2, update to a version that fixes the issue in the `fetch url` function. For versions 6.0 through 6.0.6, update to a version that fixes the issue in the `fetch url` function. For versions 6.1 through 6.1.5, update to a version that fixes the issue in the `fetch url` function.