Wency

**Name of the Vulnerable Software and Affected Versions** openEuler aops-ceres versions 1.3.0 through 1.4.1 **Description** The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection', which allows Command Injection. This problem is associated with the program files ceres/function/util.py. Local exploit is possible, and as a precaution, it is recommended to restrict local access and monitor for updates. **Recommendations** For versions 1.3.0 through 1.4.1, restrict local access to the vulnerable component and monitor for updates. As a temporary workaround, consider restricting access to the ceres/function/util.py file until a patch is available.