acme.sh: "A pure Unix shell script implementing ACME client protocol "
Issued a fix: Release Fix important remote exec bug · acmesh-official/acme.sh · GitHub
After 3rd party cert “reissuer”(?) reported to be maliciously exploiting use of (unwisely used) _exec function in http validation process: acme.sh runs arbitrary commands from a remote server · Issue #4659 · acmesh-official/acme.sh · GitHub