Lucene search
Veracode Vulnerability DatabaseVERACODE:34899HistoryMar 31, 2022 - 1:10 p.m.
Remote Code Execution (RCE)
2022-03-3113:10:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
remote code execution
fish software
configuration sanitization
EPSS
0.002
Percentile
57.4%
fish is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization via the configuration that allows an attacker to inject maliciously crafted script into the system.
References
github.com/fish-shell/fish-shell/pull/8589
github.com/fish-shell/fish-shell/releases/tag/3.4.0
github.com/fish-shell/fish-shell/security/advisories/GHSA-pj5f-6vxj-f5mq
lists.fedoraproject.org/archives/list/[email protected]/message/BPZ7JV22DSZB5LNUCUEJ2HO3PKM2TVVK/
lists.fedoraproject.org/archives/list/[email protected]/message/TRNMYS2LKB6TKOOBQQRSRQICDMWLZ4QL/
security-tracker.debian.org/tracker/CVE-2022-20001
www.debian.org/security/2022/dsa-5234
Related
openvas
openvas
Fedora: Security Advisory for fish (FEDORA-2022-443c5ec2dd)
2022-04-04 00:00:00
Fedora: Security Advisory for fish (FEDORA-2022-cd2c5e0634)
2022-04-06 00:00:00
Ubuntu: Security Advisory (USN-5367-1)
2023-01-27 00:00:00
nessus
nessus
Amazon Linux 2022 : (ALAS2022-2022-056)
2022-09-06 00:00:00
GLSA-202309-10 : Fish: User-assisted execution of arbitrary code
2023-09-29 00:00:00
cvelist
cvelist
CVE-2022-20001 Injection in fish
2022-03-14 00:00:00
CVE-2022-42906
2022-10-13 00:00:00
ubuntucve
ubuntucve
CVE-2022-20001
2022-03-14 00:00:00
CVE-2022-42906
2022-10-13 00:00:00
osv
osv
CVE-2022-20001
2022-03-14 19:15:11
fish - security update
2022-09-21 00:00:00
fish vulnerability
2022-08-10 18:31:37
cbl_mariner
cbl_mariner
CVE-2022-20001 affecting package fish 3.1.2-4
2024-09-19 09:11:59
freebsd
freebsd
shells/fish -- arbitrary code execution via git
2021-12-26 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: fish-3.4.1-1.fc35
2022-04-05 12:43:24
[SECURITY] Fedora 36 Update: fish-3.4.1-1.fc36
2022-04-04 00:15:49
alpinelinux
alpinelinux
CVE-2022-20001
2022-03-14 19:15:11
cve
cve
CVE-2022-20001
2022-03-14 19:15:11
CVE-2022-42906
2022-10-13 03:15:09
prion
prion
Default configuration
2022-03-14 19:15:00
Design/Logic Flaw
2022-10-13 03:15:00
suse
suse
Security update for fish3 (important)
2022-03-31 00:00:00
debian
debian
[SECURITY] [DSA 5234-1] fish security update
2022-09-21 18:45:59
mageia
mageia
Updated fish packages fix security vulnerability
2022-05-15 13:06:40
nvd
nvd
CVE-2022-20001
2022-03-14 19:15:11
CVE-2022-42906
2022-10-13 03:15:09
ubuntu
ubuntu
fish vulnerability
2022-08-10 00:00:00
debiancve
debiancve
CVE-2022-20001
2022-03-14 19:15:11
CVE-2022-42906
2022-10-13 03:15:09
gentoo
gentoo
Fish: User-assisted execution of arbitrary code
2023-09-29 00:00:00
github
github
Powerline Gitstatus vulnerable to arbitrary code execution
2022-10-13 12:00:26