CVE-2024-41815 – starship
Package
Manager: cargo
Name: starship
Vulnerable Version: >=1.0.0 <1.20.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00333 (percentile 0.55536)
Details
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

## Description

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easy to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the vulnerability.

### PoC

Have some custom command which prints out information from a potentially untrusted/unverified source, for example a custom module that displays the subject line of the current git commit:

```toml
# Custom module that prints the (attacker-controllable) commit subject into the prompt
[custom.git_commit_name]
command = 'git show -s --format="%<(25,mtrunc)%s"'
style = "italic"
when = true
```

### Impact

This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone.
Metadata
Created: 2024-07-26T21:24:18Z
Modified: 2024-07-26T21:48:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-vx24-x4mv-vwr5/GHSA-vx24-x4mv-vwr5.json
CWE IDs: ["CWE-77", "CWE-78"]
Alternative ID: GHSA-vx24-x4mv-vwr5
Finding: F004
Auto approve: 1