Public CVE-2017-1002152 disclosure

modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.