Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
| Software | From | Fixed in |
|---|---|---|
| university_of_washington / pine | 4.0 | 4.0.x |
| university_of_washington / pine | 4.2 | 4.2.x |
| university_of_washington / pine | 4.10 | 4.10.x |
| university_of_washington / pine | 3.98 | 3.98.x |