A command injection vulnerability was discovered in the rpmuncompress utility of RPM. When extracting certain archive formats (ZIP, 7z, GEM) to a specified destination directory, the tool inserts the archive's top-level folder name into a shell command without properly sanitizing it. A specially crafted archive containing shell metacharacters in its folder name can execute arbitrary commands as the user running the extraction.
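The bug class described above, as an added illustration that is not rpm's code: a constructed in-memory ZIP, a check that rejects top-level folder names a shell could interpret, and the shell-free argv form placed beside the string-splicing pattern the advisory describes. The `mv` invocation, destination path and all function names are assumptions.

```python
import io
import zipfile

# Characters a POSIX shell treats specially when they appear unquoted.
SHELL_METACHARS = set(";&|`$(){}<>*?[]!~#\\\"' \t\n")


def top_level_dirs(zip_bytes: bytes) -> set:
    """Return the set of top-level path components found in a ZIP archive."""
    names = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            first = info.filename.split("/", 1)[0]
            if first:
                names.add(first)
    return names


def is_safe_dirname(name: str) -> bool:
    """Reject names a shell could interpret or that escape the extraction dir."""
    if name in ("", ".", "..") or "/" in name or "\x00" in name:
        return False
    return not any(c in SHELL_METACHARS for c in name)


def vulnerable_command(dest: str, top: str) -> str:
    # The pattern the advisory describes: an attacker-controlled folder name
    # spliced into a string that is later handed to a shell.
    return f"mv {dest}/{top}/* {dest}/"


def hardened_argv(dest: str, top: str) -> list:
    # No shell involved: each element reaches execve as one verbatim argument,
    # so metacharacters in `top` are never interpreted.
    return ["mv", f"{dest}/{top}/", dest]


def plan_extraction(zip_bytes: bytes, dest: str) -> list:
    """Validate the archive's single top-level folder, then build a shell-free argv."""
    tops = top_level_dirs(zip_bytes)
    if len(tops) != 1:
        raise ValueError(f"expected one top-level folder, found {sorted(tops)}")
    (top,) = tops
    if not is_safe_dirname(top):
        raise ValueError(f"refusing to extract: unsafe top-level name {top!r}")
    return hardened_argv(dest, top)


def make_zip(top: str) -> bytes:
    """Construct a small sample ZIP whose only folder is `top` (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(f"{top}/README", "constructed sample\n")
    return buf.getvalue()
```

Running the same validation before any `shell=True`/`system()` call, or better replacing that call with an argv list as `hardened_argv` does, closes the injection regardless of which archive format produced the folder name.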
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: AV:L (Attack Vector: Local), AC:H (Attack Complexity: High), PR:N (Privileges Required: None), UI:R (User Interaction: Required)
Scope: S:U (Unchanged)
Impact: C:H (Confidentiality: High), I:H (Integrity: High), A:H (Availability: High)