CVE-2021-42538

The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.

Amir Preminger of Claroty reported these vulnerabilities to CISA