pfSense pfBlockerNG through 2.1.4_26 is susceptible to OS command injection via root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.
View the template here CVE-2022-31814.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-31814