Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-49284

Source

                https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f
reports:

Package: fish-shell
Affected versions: &lt; 3.6.2
Patched versions: 3.6.2
CVSS: 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L)
CVE ID: CVE-2023-49284

Impact:

Consider the following:

In foo.py:

At the shell:

&gt; echo $(python3 foo.py)
/home/fishuser

Patches:

fish shell 3.6.2 has been released to correct this issue.

--
        -Alan Coopersmith-                 alan.coopersmith () oracle com
         Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-49284: fish command substitution output can trigger shell expansion

Vulmon Search

About

Products

Connect