Vulnerability title
Command substitution output can trigger shell expansion in fish shell
Vulnerability description
Fish is a smart and easy-to-use command-line shell for macOS, Linux, and the rest of the family. Fish uses certain Unicode non-characters internally to mark wildcards and expansions. It incorrectly allows these markers to be read from command substitution output instead of converting them into a safe internal representation. Although this can cause unexpected behavior with direct input (for example, echo \UFDD2HOME produces the same output as echo $HOME), it may become a minor security problem when the output of an external program is fed into a command substitution where such output is not expected. This design flaw was introduced in very early versions of Fish, before the version control system existed, and is believed to be present in every Fish version released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but under certain circumstances denial of service (through large brace expansion) or information disclosure (such as variable expansion) is possible. Fish 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability category
Improper neutralization of special elements in output (injection)
Vulnerability title
Command substitution output can trigger shell expansion in fish shell
Vulnerability description
fish is a smart and user-friendly command line shell for macOS, Linux, and the rest of the family. fish shell uses certain Unicode non-characters internally for marking wildcards and expansions. It will incorrectly allow these markers to be read on command substitution output, rather than transforming them into a safe internal representation. While this may cause unexpected behavior with direct input (for example, echo \UFDD2HOME has the same output as echo $HOME), this may become a minor security problem if the output is being fed from an external program into a command substitution where this output may not be expected. This design flaw was introduced in very early versions of fish, predating the version control system, and is thought to be present in every version of fish released in the last 15 years or more, although with different characters. Code execution does not appear to be possible, but denial of service (through large brace expansion) or information disclosure (such as variable expansion) is potentially possible under certain circumstances. fish shell 3.6.2 has been released to correct this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Vulnerability category
Interpretation conflict
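The advisory above describes the root cause: Unicode non-characters that fish reserves as internal markers (U+FDD2 is the example given) are honoured when they appear in command substitution output coming from an untrusted program. The following added example, which is not fish's own code and not part of the advisory, shows the defensive check a wrapper or fixed shell would apply: locate any non-character in text before it is handed to the shell and replace it with U+FFFD. The advisory does not list exactly which code points fish uses, so the check covers the entire Unicode non-character set; that broader scope is an assumption on the safe side.

```python
"""
Added example (not fish's own code): detect and neutralize Unicode
non-characters in text that is about to be treated as the result of a
command substitution. fish reserves some of these code points (U+FDD2 in
the advisory's example) as internal markers for wildcards and expansions.
Assumption: the whole non-character set is treated as reserved, since the
advisory does not enumerate the markers fish actually uses.
"""
from dataclasses import dataclass
from typing import List


def is_noncharacter(cp: int) -> bool:
    """True for the 66 Unicode non-characters: U+FDD0..U+FDEF and the last
    two code points of every plane (U+FFFE, U+FFFF, U+1FFFE, ... U+10FFFF)."""
    return 0xFDD0 <= cp <= 0xFDEF or (cp & 0xFFFE) == 0xFFFE


@dataclass
class Finding:
    offset: int      # index of the offending character in the string
    codepoint: int   # its Unicode code point


def find_noncharacters(text: str) -> List[Finding]:
    """Report every non-character in `text` together with its offset."""
    return [Finding(i, ord(ch)) for i, ch in enumerate(text)
            if is_noncharacter(ord(ch))]


def neutralize(text: str, replacement: str = "\ufffd") -> str:
    """Replace each non-character with U+FFFD (REPLACEMENT CHARACTER) so it
    can no longer be mistaken for an internal expansion marker."""
    return "".join(replacement if is_noncharacter(ord(ch)) else ch
                   for ch in text)


# Constructed sample: output of an untrusted program that carries the
# marker from the advisory, so that "\ufdd2HOME" would expand like "$HOME".
UNTRUSTED_OUTPUT = "build ok: \ufdd2HOME/out.txt"

if __name__ == "__main__":
    for f in find_noncharacters(UNTRUSTED_OUTPUT):
        print(f"non-character U+{f.codepoint:04X} at offset {f.offset}")
    print(neutralize(UNTRUSTED_OUTPUT))
```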
Vulnerability title
Github fish security vulnerability
Vulnerability description
Github fish is a smart and user-friendly command-line shell. Github fish versions prior to 3.6.2 contain a security vulnerability that stems from allowing certain Unicode non-characters, used internally to mark wildcards and expansions, to be read from external input.
CVSS information
N/A
Vulnerability category
Other