fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by set_prompt.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-06T10:28:46.205Z
Reserved: 2014-04-18T00:00:00
Link: CVE-2014-2914

No data.

Status : Modified
Published: 2020-01-28T16:15:12.197
Modified: 2024-11-21T02:07:11.400
Link: CVE-2014-2914

No data.