dhcpcd-6.4.7 is not vulnerable to this issue as it sanitises variables before calling the shell.