CVE-2022-3874: OS command injection via ct_command and fcct_command
Instead of allowing to call any command by changing a setting, only allow specific paths to ct/fcct. If the user needs a different path, they can set it via settings.yaml.
Related issues
Bug #36759: CVE-2022-3874: OS command injection via ct_command and fcct_command
Added by Evgeni Golov 8 months ago
Fixes #36759 - only call allowed transpilers
CVE-2022-3874: OS command injection via ct_command and fcct_command
Instead of allowing to call any command by changing a setting, only
allow specific paths to ct/fcct. If the user needs a different path,
they can set it via settings.yaml.