The_Walrus_88

**Name of the Vulnerable Software and Affected Versions** Canto Curses versions prior to 0.9.0 **Description** The issue allows remote feed servers to execute arbitrary commands via shell metacharacters in a URL in a feed. This is due to a problem in the canto curses/guibase.py file. **Recommendations** For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to feeds from untrusted sources to minimize the risk of exploitation.