The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user’s terminal and certain options are set.
[
{
"vendor": "n/a",
"product": "rxvt-unicode",
"versions": [
{
"version": "rxvt-unicode 9.30",
"status": "affected"
}
]
}
]