Description
In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.
Remediation
References
https://github.com/erelsgl/limdu/security/advisories/GHSA-77qv-gh6f-pgh4
Related Vulnerabilities
CVE-2012-4529 Vulnerability in maven package org.jboss.as:jboss-as-web
CVE-2020-2253 Vulnerability in maven package org.jenkins-ci.plugins:email-ext
CVE-2012-5886 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2023-41037 Vulnerability in npm package openpgp
CVE-2013-0239 Vulnerability in maven package org.apache.cxf:cxf-bundle