A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code
|Package||app-shells/fish on all architectures|
|Affected versions||< 3.4.0|
|Unaffected versions||>= 3.4.0|
Smart and user-friendly command line shell for macOS, Linux, and the rest of the family. It includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required.
A vulnerability have been discovered in Fish. Please review the CVE identifiers referenced below for details.
A user may be enticed to cd into a git repository under control by an attacker (e.g. on a shared filesystem or by unpacking an archive) and execute arbitrary commands.
There is no known workaround at this time.
All fish users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/fish-3.4.0"
September 29, 2023
September 29, 2023: 1