
CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Dec 2023 — fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, `echo \UFDD2HOME` has the same output as `echo $HOME`), this may become a minor security problem i... • http://www.openwall.com/lists/oss-security/2023/12/08/1 • CWE-436: Interpretation Conflict

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

14 Mar 2022 — fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled ... • https://github.com/fish-shell/fish-shell/pull/8589 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-427: Uncontrolled Search Path Element