Severity: Critical
CVSS Score: 9.8
duck before 0.10 did not properly handle loading of untrusted code from the current directory.