Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.
https://github.com/89luca89/distrobox/issues/1275
https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944