Description

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.

INFO

Published Date :

2024-07-26T21:01:48.605Z

Last Modified :

2024-08-02T04:46:52.696Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-41815 vulnerability.

Vendors Products
Starship
  • Starship
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-41815.

URL Resource
https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74 cve-icon cve-icon cve-icon
https://github.com/starship/starship/releases/tag/v1.20.0 cve-icon cve-icon cve-icon
https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact