Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
Published August 11, 2020.
Debian Debian Linux
Firejail Project Firejail