Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.
| Software | From | Fixed in |
|---|---|---|
| university_of_washington / pine | 4.20 | 4.20.x |
| university_of_washington / pine | 4.21 | 4.21.x |