Unsafe processing of special characters in CLI autocomplete
Using the ' character inside a value in config mode leads to unsafe execution of this value. For example:
[edit] vyos@vyos# set '`echo leaked > /tmp/cli`' [TAB] [edit] vyos@vyos# cat /tmp/cli leaked [edit] vyos@vyos#
Or even more funny (DO NOT DO THIS ON PRODUCTION):
set '`sudo systemctl reboot`' [TAB to reboot immediately]
This is a critical bug, a proper processing of special characters should be added.