{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2011-05-26T18:55:01Z",
  "id": "CVE-2010-2246",
  "details": "feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.",
  "references": [
    {
      "type": "EVIDENCE",
      "url": "http://openwall.com/lists/oss-security/2010/06/25/4"
    },
    {
      "type": "EVIDENCE",
      "url": "http://openwall.com/lists/oss-security/2010/06/28/4"
    },
    {
      "type": "EVIDENCE",
      "url": "http://www.securityfocus.com/bid/41161"
    },
    {
      "type": "WEB",
      "url": "http://derf.homelinux.org/git/feh/plain/ChangeLog"
    }
  ]
}