{"id":"CVE-2010-2246","details":"feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.","modified":"2026-04-10T03:41:16.526053Z","published":"2011-05-26T18:55:01Z","references":[{"type":"EVIDENCE","url":"http://openwall.com/lists/oss-security/2010/06/25/4"},{"type":"EVIDENCE","url":"http://openwall.com/lists/oss-security/2010/06/28/4"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/41161"},{"type":"WEB","url":"http://derf.homelinux.org/git/feh/plain/ChangeLog"}],"schema_version":"1.7.5"}