Advisories for Gem/Ftpd package

The ls interface can have commands injected into it if option or filename contain the shell character. This vulnerability requires that the file having commands injected in to it be in the Current Working Directory (CWD).