The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 allows remote attackers to execute arbitrary code. This is fixed in 2.4.5.Referenceshttps://discourse.chef.io/t/chef-manage-2-4-5-security-release/10599http://www.securityfocus.com/bid/97069
