2025-05-07 00:00:00
mitre
PUBLISHED
dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used.