On Sun, May 27, 2018 at 10:54:06PM +0200, Gabriel Corona wrote: > This seems correct with respect to injection through the URI: > the URI string cannot be expanded into multiple arguments > and is not passed to `system()`.
Agreed, this CVE seems like a non issue, the CVE entry at MITRE
also only refers back to the Security Tracker...
Cheers,
Moritz
