7 matches found
CVE-2022-20001
CVE-2022-20001 affects fish shell 3.1.0–3.3.1 where changing directories can trigger arbitrary commands via git in per-repository configurations, affecting prompts and git integration when using default config. Root cause is per-repo configuration execution invoked during directory changes (promp...
CVE-2014-2906
CVE-2014-2906 affects fish-shell (psub) up to version 2.1.1, where the temporary file creation is mishandled, allowing a local attacker to execute commands via a predictable temporary file name. Affected product is the fish-shell line, with the root cause described as improper temporary file hand...
CVE-2014-3219
CVE-2014-3219 affects fish before 2.1.1 and describes a local symlink attack that lets an attacker cause writes to arbitrary files via temporary paths (/tmp/fishd.log., /tmp/.pac-cache., /tmp/.yum-cache., /tmp/.rpm-cache.). The connected documents show openSUSE advisories and OSS notes referenc...
CVE-2014-2914
CVE-2014-2914 affects fish-shell up to version 2.0.0; versions before 2.1.1 do not restrict access to the configuration service (fish_config), enabling remote code execution via unspecified vectors (demonstrated by set_prompt). The NVD entry lists a CVSS‑3.1 base score of 9.8 (CRITICAL) and CVSS‑...
CVE-2014-3856
CVE-2014-3856 affects fish-shell (fish) versions from 1.23.0 up to, but not including, 2.1.1, where temporary files are created improperly, allowing local privilege elevation via a predictably named temporary file. The vulnerability is a local issue (high severity per CVSS v3.1 in the connected data) and i...
CVE-2014-2905
CVE-2014-2905 affects fish-shell (fish) versions prior to 2.1.1, where credentials are not properly checked over the universal variable socket (UNIX domain socket at /tmp/fishd.socket.user), enabling local privilege escalation. The root cause is improper validation of credentials when communicati...
CVE-2023-49284
CVE-2023-49284 affects the fish shell (macOS, Linux, and related platforms). The vulnerability arises from Unicode non-characters used internally for marking wildcards and expansions, which can be read in command substitution output instead of being safely transformed. This can cause unexpected b...