Name of the Vulnerable Software and Affected Versions plotter versions all

Description The issue concerns a command injection problem where the plotter package fails to properly sanitize plot titles. This could allow attackers to execute arbitrary code on the system if a user-supplied title value is used. A proof-of-concept demonstrates the creation of a 'testing' file in the current directory by exploiting this weakness.

Recommendations For all versions, consider using an alternative package until a fix is made available. As a temporary workaround, consider validating and sanitizing all user-supplied input for the title variable to minimize the risk of exploitation.