2005-05-13 06:00:00 2017-10-11 03:30:00

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.