Wazuh – Active response tools allow arbitrary code execution
In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. Ref https://github.com/wazuh/wazuh/issues/10858
