nmap4j 1.1.0 allows attackers to execute arbitrary commands via shell metacharacters in an includeHosts call.