From a security point of view, this bug report does not seems to describe a vulnerability: an arbitrary plugin goal is to achieve arbitrary code execution... and in order to reach this eval, the plugin must be installed first.
However this code might deserve some strengthening... I suggest to remove the OSSA task and open this report.
From a security point of view, this bug report does not seems to describe a vulnerability: an arbitrary plugin goal is to achieve arbitrary code execution... and in order to reach this eval, the plugin must be installed first.
However this code might deserve some strengthening... I suggest to remove the OSSA task and open this report.
Let me know if that works for you.