Name of the Vulnerable Software and Affected Versions:

ChargePoint Home Flex version 5.5.4.13

Description:

The software does not validate a user-controlled string for bz2 decompression, which can lead to command execution as the nobody user.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.