CVE-2022-20001
Injection in fish
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.
fish es un shell de línea de comandos. fish versiones 3.1.0 hasta 3.3.1, es vulnerable a una ejecución de código arbitrario. Los repositorios de git pueden contener una configuración por repositorio que cambia el comportamiento de git, incluyendo la ejecución de comandos arbitrarios. Cuando es usada la configuración por defecto de fish, al cambiar a un directorio son ejecutados automáticamente los comandos "git" para mostrar información sobre el repositorio actual en el prompt. Si un atacante puede convencer a un usuario para que cambie su directorio actual a uno controlado por el atacante, como en un sistema de archivos compartido o un archivo extraído, fish ejecutará comandos arbitrarios bajo el control del atacante. Este problema ha sido corregido en fish versión 3.4.0. Tenga en cuenta que la ejecución de git en estos directorios, incluyendo el uso de la finalización de la pestaña git, sigue siendo un potencial desencadenante de este problema. Como medida de mitigación, elimina la función "fish_git_prompt" del prompt
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-08 CVE Reserved
- 2022-03-14 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
- CWE-427: Uncontrolled Search Path Element
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| https://github.com/fish-shell/fish-shell/releases/tag/3.4.0 | Release Notes | |
| https://github.com/fish-shell/fish-shell/security/advisories/GHSA-pj5f-6vxj-f5mq | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/fish-shell/fish-shell/pull/8589 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Fishshell Search vendor "Fishshell" | Fish Search vendor "Fishshell" for product "Fish" | >= 3.1.0 <= 3.3.1 Search vendor "Fishshell" for product "Fish" and version " >= 3.1.0 <= 3.3.1" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 35 Search vendor "Fedoraproject" for product "Fedora" and version "35" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 36 Search vendor "Fedoraproject" for product "Fedora" and version "36" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||