A vulnerability classified as critical was found in GNU Global up to 6.6.12. Affected by this vulnerability is an unknown functionality of the component dbpath Handler. The manipulation leads to os command injection.
This vulnerability is known as CVE-2024-38448. The attack can only be done within the local network. There is no exploit available.