The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
[
{
"product": "OpenShift Origin",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
]