Fatih

**Name of the Vulnerable Software and Affected Versions** OpenVPN Connect versions 3.0 through 3.4.6 **Description** The issue is related to the failure to neutralize instructions in dynamically executed code. Exploitation of this issue may allow an attacker to execute arbitrary code using the `DYLD INSERT LIBRARIES` environment variable. This can enable local users to execute code in external third-party libraries. **Recommendations** For OpenVPN Connect versions 3.0 through 3.4.6, update to a version that contains a fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the `DYLD INSERT LIBRARIES` environment variable until a patch is available.