VDB
CVE-2019-14868
CVE-2019-14868
PUBLISHED
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
EPSS 0.20% · 42.4th percentile
Risk Scores
EPSS Score
0.20%
42.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | ksh | 0, 93u+20120801-3.1ubuntu1 |
| Ubuntu:Pro:14.04:LTS | ksh | 0, 93u+20120801-1, 93u+20120801-1ubuntu0.14.04.1 |
| Ubuntu:16.04:LTS | ksh | 0, *, 93u+20120801-1 |
Timeline
- Feb 5, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2019-14868 third-party-advisory
- https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2019-14868 third-party-advisory