CVE-2024-41815

Name
CVE-2024-41815
Description
Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| CONFIRM | https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5 |
| MISC | https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74 |
| MISC | https://github.com/starship/starship/releases/tag/v1.20.0 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| | starship | >= 1.0.0 | < 1.20.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| starship | 3.20-community | 1.18.2-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |