EPSS
Percentile
88.6%
osc is vulnerable to remote code injection. An attacker can change downloaded packages to overwrite arbitrary files.
bugzilla.suse.com/show_bug.cgi?id=1122675
security-tracker.debian.org/tracker/CVE-2019-3681