The host is installed with Docker Desktop before 4.17.x and is prone to a command injection vulnerability. A flaw is present in the application, which fails to handle a specially crafted malicious docker-desktop:// URL. Successful exploitation allows an attacker to execute an arbitrary command inside a Dev Environments container.