Description
In Limdu before 0.95, the trainBatch function has a command injection vulnerability. Clients of the Limdu library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. This has been patched in 0.95.
Remediation
References
https://github.com/erelsgl/limdu/security/advisories/GHSA-77qv-gh6f-pgh4
Related Vulnerabilities
CVE-2020-1718 Vulnerability in maven package org.keycloak:keycloak-parent
CVE-2021-21343 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2019-17359 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2014-3612 Vulnerability in maven package org.apache.activemq:activemq-broker
CVE-2013-2033 Vulnerability in maven package org.jenkins-ci.main:jenkins-core