The download_from_url function in OpenShift Origin allows remote attackers to execute arbitrary commands via shell metacharacters in the URL of a request to download a cart.
The download_from_url function
Exploit
CVE-2013-2060
NVD
Refer to CVE-2013-2060 NVD advisory