Pallets Click contains a command injection via unsanitized filename in click.edit()
Pallets Click, versions 8.3.2 and below, contains a command injection vulnerability in the click.edit() function that allows an attacker with an unprivileged account to pass arbitrary OS commands.
2. github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit()
A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit() function, allows an attacker with an unprivileged account to execute arbitrary operating system (OS) commands. This could lead to unauthorized control over the affected system.