Do you use Jump's autocompletion? I don't... but lots of Jump users do. If you happen to be one of them and tried to autocomplete creatively named directories containing shell-significant characters, the completion wouldn't work. Even worse, a specially crafted directory name could have triggered a shell command through the completion, and that's not good. Not good at all. It's a security issue!
Say you have the following directories indexed by jump already:
/Users/genadi/Test/
├── $\ dolla\ billz,\ yo!
├── $(mkdir\ Test2;\ echo\ you\ have\ been\ pwnd\ >&2)
└── test\ folder\ with\ `\ and\ -\ "\ all\ that\ jazz
j jazz<Tab> would not have opened the directory, but would have waited for you to close the ` or " quotes:
$ j /Users/genadi/Test/test folder with ` and - " all that jazz
>
j dolla<Tab> would have left you in /Users/genadi/Test
$ j /Users/genadi/Test/$ dolla billz, yo!
$ pwd
/Users/genadi/Test
... and worst of all, j pwnd<Tab> would have hacked you! Creating a folder is not that harmful by itself, but running any available command with the permissions of the current user is!
$ ls
Desktop Documents Library Music Public 'VirtualBox VMs'
Developer Downloads Movies Pictures Test bin
$ j /Users/genadi/Test/$(mkdir Test2; echo you have been pwnd >&2)
you have been pwnd
$ ls ~
Desktop Documents Library Music Public Test2 bin
Developer Downloads Movies Pictures Test 'VirtualBox VMs'
All of this is fixed in Jump 0.40.0 by escaping the autocompletion. Running j pwnd<Tab> now does:
$ ls
Desktop Documents Library Music Public 'VirtualBox VMs'
Developer Downloads Movies Pictures Test bin
$ j '/Users/genadi/Test/$(mkdir Test2; echo you have been pwnd >&2)'
$ pwd
/Users/genadi/Test/$(mkdir Test2; echo you have been pwnd >&2)
$ ls ~
Desktop Documents Library Music Public 'VirtualBox VMs'
Developer Downloads Movies Pictures Test bin
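To see why quoting the candidate closes the hole, here is an added example (not Jump's own code) that parses the completed line in a scratch directory, first raw and then single-quoted. The helper names quote_candidate and simulate_enter, and the stand-in j function, are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration; not Jump's own code. Helper names are hypothetical.

# Single-quote a completion candidate so the shell reads every byte literally.
# An embedded ' becomes '\'' (close quote, escaped quote, reopen quote).
quote_candidate() {
  printf '%s\n' "$1" | sed "s/'/'\\\\''/g; 1s/^/'/; \$s/\$/'/"
}

# Parse "j <inserted>" the way an interactive shell would after <Tab> + Enter,
# inside a scratch directory, and report what happened:
#   line 1: the argument j would receive
#   line 2: "side-effect" if parsing created Test2, otherwise "clean"
simulate_enter() {
  inserted=$1
  scratch=$(mktemp -d) || return 1
  (
    cd "$scratch" || exit 1
    j() { printf '%s\n' "$1"; }   # stand-in for Jump's j shell function
    eval "j $inserted" 2>/dev/null
    if [ -d Test2 ]; then echo side-effect; else echo clean; fi
  )
  rm -rf "$scratch"
}

# Constructed sample: the directory name used in the post.
candidate='/Users/genadi/Test/$(mkdir Test2; echo you have been pwnd >&2)'

echo "--- raw candidate (the unescaped completion described above)"
simulate_enter "$candidate"
echo "--- quoted candidate"
simulate_enter "$(quote_candidate "$candidate")"
```

The raw run reports /Users/genadi/Test/ and side-effect, because the command substitution ran and expanded to nothing. The quoted run reports the full literal directory name and clean.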
Please make sure to upgrade to 0.40.0 as soon as you can.