PT-2020-14242 · Miller · Miller

Koernepr · Published 2020-09-02 · Updated 2024-06-15 · CVE-2020-15167

CVSS v3.1: 8.6 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Miller version 5.9.0

Description

The issue allows an attacker to execute arbitrary code by placing a malicious .mlrrc file in the working directory, leveraging the configuration file support introduced in version 5.9.0. A fix is ready and will be released.

Recommendations

For Miller version 5.9.0, update to version 5.9.1 once it is released to resolve the issue. As a temporary workaround, consider avoiding the use of the configuration file support or restricting access to the working directory to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Code Injection
Uncontrolled Search Path Element

Related Identifiers

CVE-2020-15167
GHSA-MW2V-4Q78-J2CW
OPENSUSE-SU-2024:11048-1

Affected Products

Miller