There is no input validation on the Locale property in an apt transaction. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Path Traversal
Aptdaemon
NVD
CVSS 3.1
3.3
EPSS
0.5%