DSA-5234-1 fish -- fishID: oval:org.secpod.oval:def:88404 | Date: (C)2023-03-28 (M)2023-11-13 |
Class: PATCH | Family: unix |
An arbitrary code execution vulnerability was disovered in fish, a command line shell. When using the default configuraton of fish, changing to a directory automatically ran `git` commands in order to display information about the current repository in the prompt. Such repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands.