Version:
From 1.5.0 up to the latest (1.6.2).
Describe the bug:
Passing a Unix shell command as the cmd parameter of com.alibaba.flink.ml.cluster.node.runner.python.ProcessPythonRunner.checkPythonEnvironment(java.lang.String) can inject malicious commands.
For example, the call ProcessPythonRunner.checkPythonEnvironment("/usr/bin/gnome-calculator") will open Calculator.
To Reproduce:
Execute ProcessPythonRunner.checkPythonEnvironment("/usr/bin/gnome-calculator") to reproduce the issue.
Urgency:
Due to this vulnerability, any malicious code can be executed, so the impact is large.
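
One way to close this class of bug, shown as an added example that is not code from the project or from this report: validate the interpreter path against an allowlist, then run it as an argument vector without a shell. The class SafePythonEnvCheck, the method checkInterpreter and the allowlisted paths are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Set;
import java.util.concurrent.TimeUnit;

// Hypothetical hardened check; class, method names and allowlist are assumptions, not project code.
public class SafePythonEnvCheck {
    // Constructed allowlist of interpreter paths the operator trusts.
    private static final Set<Path> ALLOWED = Set.of(
            Paths.get("/usr/bin/python3"),
            Paths.get("/usr/local/bin/python3"));

    // Accept only an absolute, normalized path that is on the allowlist.
    static Path validate(String candidate) {
        if (candidate == null || candidate.isBlank()) {
            throw new IllegalArgumentException("empty interpreter path");
        }
        Path p = Paths.get(candidate).normalize();
        if (!p.isAbsolute() || !ALLOWED.contains(p)) {
            throw new IllegalArgumentException("interpreter not allowlisted: " + candidate);
        }
        return p;
    }

    // Runs "<interpreter> --version" as an argument vector: no shell, no string concatenation.
    static boolean checkInterpreter(String candidate) throws IOException, InterruptedException {
        Path python = validate(candidate);
        Process proc = new ProcessBuilder(python.toString(), "--version")
                .redirectErrorStream(true)
                .redirectOutput(ProcessBuilder.Redirect.DISCARD)
                .start();
        if (!proc.waitFor(5, TimeUnit.SECONDS)) {
            proc.destroyForcibly(); // do not let a hung child linger
            return false;
        }
        return proc.exitValue() == 0;
    }

    public static void main(String[] args) throws InterruptedException {
        for (String c : new String[] {"/usr/bin/gnome-calculator", "/usr/bin/python3"}) {
            try {
                System.out.println(c + " -> usable=" + checkInterpreter(c));
            } catch (IllegalArgumentException | IOException e) {
                System.out.println(c + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

With this check, the value from the report is rejected before any process is started, and only an allowlisted interpreter is ever executed.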