Remote code execution vulnerability
If files downloaded contain shell characters it's possible to execute code as the client user
Advisories for Gem/Flash_tool package
2013
If files downloaded contain shell characters it's possible to execute code as the client user