2025-06-20 15:54:13
redhat
PUBLISHED
A command injection vulnerability was discovered in the TrustyAI Explainability toolkit. Arbitrary commands placed in certain fields of a LMEValJob custom resource (CR) may be executed in the LMEvalJob pods terminal. This issue can be exploited via a maliciously crafted LMEvalJob by a user with permissions to deploy a CR.