Product
A vulnerability in the 'sh' package, affecting Linux/Unix-like systems, allows for an incomplete privilege drop when the `_uid` option is used. When a process with elevated privileges launches a child process with `_uid=<unprivileged user>`, the child process changes its UID and primary GID but fails to reset its supplementary groups. This flaw enables the child process to retain potentially privileged supplementary groups (e.g., root, docker), bypassing intended privilege boundaries and granting access to resources beyond its expected permissions.