Severity: Critical
CVSS Score: 9.8
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.