Tag
A remote code execution vulnerability exists in Intake versions prior to 2.0.9 due to the automatic expansion of the `shell()` syntax within parameter default values during catalog parsing, allowing an attacker to execute arbitrary commands by loading a malicious catalog YAML file.