A vulnerability was discovered and corrected in freeciv: freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via scenario that contains Lua functionality, related to the os, io, package, dofile, loadfile, loadlib, module, and require modules or functions . The updated packages have been upgraded to v2.2.1 which is not vulnerable to this issue.