Vendor: Bash
CVSS: 9 (CRITICAL)
CWE: 78 (Command Injection)
Product Name: Bash
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2010-0238
CPE: a:gnu:bash
Platforms Tested: Linux, Unix, macOS
2010
Command Injection Vulnerability in GNU Bash
The vulnerability exists in GNU Bash due to inadequate sanitization of control characters in the 'ls' command. Attackers can exploit this vulnerability to execute arbitrary commands in a bash terminal. Other attacks may also be possible.
Mitigation:
Ensure that input is properly sanitized and validated before it is executed as a command. Regularly update GNU Bash to the latest released version.