Blog

In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. Ref  https://github.com/wazuh/wazuh/issues/10858