https://github.com/fish-shell/fish-shell/security/advisories/GHSA-2j9r-pm96-wp4f
reports:
Package: fish-shell
Affected versions: < 3.6.2
Patched versions: 3.6.2
CVSS: 3.9 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L)
CVE ID: CVE-2023-49284
Impact:
Consider the following:
In foo.py:
At the shell:
> echo $(python3 foo.py)
/home/fishuser
Patches:
fish shell 3.6.2 has been released to correct this issue.
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris