Lwindolf

**Name of the Vulnerable Software and Affected Versions** liferea (affected versions not specified) **Description** A critical issue has been found, affecting the function `update job run` of the file `src/update.c` in the component Feed Enrichment. The manipulation of the argument `source` with the input `|date >/tmp/bad-item-link.txt` leads to os command injection. This issue can be exploited remotely. **Recommendations** To fix this issue, it is recommended to apply a patch. Specifically, the patch named `8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59` should be applied. As a temporary workaround, consider disabling the `update job run` function until a patch is available. Additionally, if "Extract full content from HTML5 and Google AMP" has been enabled for one or more feed subscriptions, it is recommended to restrict this feature to minimize the risk of exploitation.