CVE-2022-20001 Injection in fish

fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing...

CVE-2014-2914

fish aka fish-shell 2.0.0 before 2.1.1 does not restrict access to the configuration service aka fishconfig, which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by setprompt...