Polymo1

**Name of the Vulnerable Software and Affected Versions** xdg-desktop-portal-hyprland versions prior to 1.3.3 **Description** The issue allows OS command execution due to the lack of single quotes when sending a list of app IDs and titles via the environment. This can be exploited because of how the environment variables are handled. **Recommendations** For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of environment variables that may be used to send app IDs and titles to minimize the risk of exploitation.