CVE-2013-7416

Name of the Vulnerable Software and Affected Versions Canto Curses versions prior to 0.9.0

Description The issue allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. This is due to a problem in the canto curses/guibase.py file.

Recommendations For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to feeds from untrusted sources to minimize the risk of exploitation.