A vulnerability was discovered in Fish when handling git repository configuration that may lead to execution of arbitrary code
Package | app-shells/fish on all architectures |
---|---|
Affected versions | < 3.4.0 |
Unaffected versions | >= 3.4.0 |
Smart and user-friendly command line shell for macOS, Linux, and the rest of the family. It includes features like syntax highlighting, autosuggest-as-you-type, and fancy tab completions that just work, with no configuration required.
A vulnerability have been discovered in Fish. Please review the CVE identifiers referenced below for details.
A user may be enticed to cd into a git repository under control by an attacker (e.g. on a shared filesystem or by unpacking an archive) and execute arbitrary commands.
There is no known workaround at this time.
All fish users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-shells/fish-3.4.0"
Release date
September 29, 2023
Latest revision
September 29, 2023: 1
Severity
normal
Exploitable
local
Bugzilla entries