MISP · MISP · CVE-2018-19908
**Name of the Vulnerable Software and Affected Versions**
MISP versions 2.4.9x through 2.4.98
**Description**
An issue was discovered in the STIX 1 import code of MISP, where an unescaped filename string is used to construct a shell command. This can be abused by a malicious authenticated user to execute arbitrary commands by tweaking the original filename of the STIX import.
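The bug class described above, shown next to two hardened patterns, as an added example that is not MISP's own code. `HELPER` is a stand-in for an import script, and `SAMPLE`, the function names and the extension allowlist are constructed for illustration.

```python
import secrets
import shlex
import subprocess
import sys

# Stand-in for the import helper (assumption): prints the arguments it received.
HELPER = [sys.executable, "-c", "import sys; print(sys.argv[1:])"]

# Constructed sample of a client-supplied upload filename with a shell metacharacter.
SAMPLE = "report.xml; echo INJECTED"

# Hypothetical allowlist of extensions the server will write to disk.
ALLOWED_EXT = {"xml", "json"}


def run_unsafe(filename: str) -> str:
    """Bug class from the description: filename interpolated into a shell string."""
    cmd = shlex.join(HELPER) + " " + filename  # filename is NOT escaped
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(filename: str) -> str:
    """Hardened: no shell is involved, the filename is a single argv element."""
    return subprocess.run(HELPER + [filename], capture_output=True, text=True).stdout


def stored_name(ext: str) -> str:
    """Hardened: the on-disk name is generated server-side, never taken from the client."""
    if ext not in ALLOWED_EXT:
        raise ValueError(f"unsupported extension: {ext!r}")
    return f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    # The shell splits the string at ';' and runs the second part as its own command.
    print("unsafe:", run_unsafe(SAMPLE).splitlines())
    # The helper sees the whole filename as one literal argument.
    print("argv:  ", run_argv(SAMPLE).splitlines())
    # The client-supplied name never reaches the filesystem or a command line.
    print("stored:", stored_name("xml"))
```

When auditing similar code, look for any place where a request-supplied filename reaches a shell string; combining the argv form with a server-generated name removes the filename from the command line entirely.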
**Recommendations**
For MISP versions 2.4.9x through 2.4.98, update to version 2.4.99 or later to resolve the issue. As a temporary workaround, consider restricting access to the STIX import functionality to minimize the risk of exploitation.