Tehryanx

**Name of the Vulnerable Software and Affected Versions** Diffy versions prior to 3.4.1 Diffy version 3.4.1 **Description** The function that calls the diff tool in Diffy does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string. **Recommendations** For Diffy versions prior to 3.4.1, update to version 3.4.1 or later to resolve the issue. For Diffy version 3.4.1, consider disabling the function that calls the diff tool until a patch is available. Restrict access to the diff tool to minimize the risk of exploitation. Avoid using double quotes in filenames when running Diffy in a Windows environment until the issue is resolved.