Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
2020-08-11T16:15:12.663
2024-11-21T05:07:57.813
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | firejail_project | firejail | ≤ 0.9.62 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |
| Operating System | debian | debian_linux | 10.0 | Yes |
| Operating System | fedoraproject | fedora | 31 | Yes |
| Operating System | fedoraproject | fedora | 32 | Yes |
| Operating System | opensuse | leap | 15.2 | Yes |