DEBIAN-CVE-2019-14868

Source
https://security-tracker.debian.org/tracker/CVE-2019-14868
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2019-14868.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2019-14868
Upstream
Published
2020-04-02T17:15:13Z
Modified
2025-09-30T03:54:35Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

References

Affected packages

Debian:11 / ksh

Package

Name
ksh
Purl
pkg:deb/debian/ksh?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2020.0.0-2.1

Ecosystem specific

{
    "urgency": "not yet assigned"
}