The flaw is a rare ‘unquoted path class’ described as “so thoroughly documented that you would expect programmers to be well aware…” But that’s not the case.

from Naked Security https://ift.tt/2nRawjc
via IFTTT