Description
In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.
Remediation
References
https://github.com/erelsgl/limdu/security/advisories/GHSA-77qv-gh6f-pgh4
Related Vulnerabilities
CVE-2020-13957 Vulnerability in maven package org.apache.solr:solr-solrj
CVE-2023-37957 Vulnerability in maven package io.jenkins.plugins:pipeline-restful-api
CVE-2020-15092 Vulnerability in npm package @knight-lab/timelinejs
CVE-2021-34797 Vulnerability in maven package org.apache.geode:geode-core
CVE-2023-31418 Vulnerability in maven package org.elasticsearch:elasticsearch