PT-2020-2801 · Umount+1

Published 2020-04-02 · Updated 2022-04-22 · CVE-2020-7628

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

umount versions 1.1.0 through 1.1.6; install-package versions 1.1.0 through 1.1.6
Description

The issue is an OS command injection. The device argument is accepted without sanitization, so a caller can make the function that takes the device argument execute arbitrary commands. If the device value passed to that function is user-controlled, remote attackers may be able to execute arbitrary code on the system.
Recommendations

For umount versions 1.1.0 through 1.1.6, consider using an alternative package until a fix is made available. For install-package versions 1.1.0 through 1.1.6, consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting the use of the device function in the umount module to minimize the risk of exploitation.

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2020-02929
CVE-2020-7628
GHSA-6Q48-VJQ2-MWCJ
SNYK-JS-UMOUNT-564265

Affected Products

Package Installer
Umount