Vulnerability-Lookup

CVE-2024-41815 (GCVE-0-2024-41815)

Vulnerability from cvelistv5 – Published: 2024-07-26 21:01 – Updated: 2024-08-02 04:46

Title

Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Summary

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')

Assigner

GitHub_M

References

URL

Tags

	https://github.com/starship/starship/security/adv…	x_refsource_CONFIRM
	https://github.com/starship/starship/commit/cfc58…	x_refsource_MISC
	https://github.com/starship/starship/releases/tag…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	starship	starship	Affected: >= 1.0.0, < 1.20.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:starship:starship:1.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "starship",
            "vendor": "starship",
            "versions": [
              {
                "lessThan": "1.20.0",
                "status": "affected",
                "version": "1.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41815",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T14:13:04.454740Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T18:28:53.805Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T04:46:52.696Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5"
          },
          {
            "name": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74"
          },
          {
            "name": "https://github.com/starship/starship/releases/tag/v1.20.0",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/starship/starship/releases/tag/v1.20.0"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "starship",
          "vendor": "starship",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.20.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others\u0027 commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-26T21:01:48.605Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5"
        },
        {
          "name": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74"
        },
        {
          "name": "https://github.com/starship/starship/releases/tag/v1.20.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/starship/starship/releases/tag/v1.20.0"
        }
      ],
      "source": {
        "advisory": "GHSA-vx24-x4mv-vwr5",
        "discovery": "UNKNOWN"
      },
      "title": "Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41815",
    "datePublished": "2024-07-26T21:01:48.605Z",
    "dateReserved": "2024-07-22T13:57:37.137Z",
    "dateUpdated": "2024-08-02T04:46:52.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5\", \"name\": \"https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74\", \"name\": \"https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/starship/starship/releases/tag/v1.20.0\", \"name\": \"https://github.com/starship/starship/releases/tag/v1.20.0\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:46:52.696Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41815\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-29T14:13:04.454740Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:starship:starship:1.0.0:*:*:*:*:*:*:*\"], \"vendor\": \"starship\", \"product\": \"starship\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0\", \"lessThan\": \"1.20.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-29T14:16:29.787Z\"}}], \"cna\": {\"title\": \"Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands\", \"source\": {\"advisory\": \"GHSA-vx24-x4mv-vwr5\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"starship\", \"product\": \"starship\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.20.0\"}]}], \"references\": [{\"url\": \"https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5\", \"name\": \"https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74\", \"name\": \"https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/starship/starship/releases/tag/v1.20.0\", \"name\": \"https://github.com/starship/starship/releases/tag/v1.20.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others\u0027 commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-77\", \"description\": \"CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-26T21:01:48.605Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-41815\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:46:52.696Z\", \"dateReserved\": \"2024-07-22T13:57:37.137Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-26T21:01:48.605Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cve-2024-41815

Vulnerability from osv_rustsec

Published

2024-07-26 12:00

Modified

2025-12-22 13:54

Summary

Shell expansion in custom commands

Details

Summary

Undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash.

Details

I wanted to show the git commit name in my prompt (I use bash), so I added a command:

[custom.git_commit_name]
command = 'git show -s --format="%<(25,mtrunc)%s"'
style = "italic"
when = true

To my surprise, when I had a commit with backticks in it, the backticks were expanded. e.g.:

touch foo
git add foo
git commit -m '`ls`'

Thankfully I noticed it on my own commit before checking out someone's code whose commit message was

rm -rf /important/stuff

The documentation says:

Command output is printed unescaped to the prompt

    Whatever output the command generates is printed unmodified in the prompt.
    This means if the output contains special sequences that are interpreted
    by your shell they will be expanded when displayed. These special
    sequences are shell specific, e.g. you can write a command module that
    writes bash sequences, e.g. \h, but this module will not work in a fish
    or zsh shell.

    Format strings can also contain shell specific prompt sequences, e.g. Bash, Zsh.

However, it doesn't specifically mention shell injection with $() and backticks; it just mentions the prompt escape sequences, and the link doesn't suggest any shell injection possibilities either.

Furthermore, I can't even figure out how to properly escape things, because simply changing the command to

command = 'printf %q "$(git show -s --format="%<(25,mtrunc)%s")"'

doesn't work, as it's also adding a backslash before spaces. I also tried use_stdin=false

I'm not 100% sure this qualifies as a vulnerability, but I feel it is not documented well enough to warn unsuspecting users, and it certainly is not documented how to properly quote things, because after 15-30 minutes of trying, I can't figure it out.

I see some past commits about fixing shell injection with $, and it does seem like the problem doesn't exist in build-in modules like git branch.

PoC

Have some custom command which prints out information from a potentially untrusted/unverified source.

[custom.git_commit_name]
command = 'git show -s --format="%<(25,mtrunc)%s"'
style = "italic"
when = true

Impact

People with custom commands, so the scope is limited, and without knowledge of people's commands, it could be hard to target people. The only one I saw in the example custom commands that may be vulnerable is the playerctl one.

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "categories": [
          "code-execution"
        ],
        "cvss": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "informational": null
      },
      "ecosystem_specific": {
        "affected_functions": null,
        "affects": {
          "arch": [],
          "functions": [],
          "os": []
        }
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "starship",
        "purl": "pkg:cargo/starship"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.1-0"
            },
            {
              "fixed": "1.20.0"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "versions": []
    }
  ],
  "aliases": [
    "CVE-2024-41815",
    "GHSA-vx24-x4mv-vwr5"
  ],
  "database_specific": {
    "license": "CC-BY-4.0"
  },
  "details": "## Summary\n\nUndocumented and unpredictable shell expansion and/or quoting\nrules make it easily to accidentally cause shell injection\nwhen using custom commands with starship in bash.\n\n## Details\n\nI wanted to show the git commit name in my prompt (I use bash), so I added a command:\n\n```\n[custom.git_commit_name]\ncommand = \u0027git show -s --format=\"%\u003c(25,mtrunc)%s\"\u0027\nstyle = \"italic\"\nwhen = true\n```\n\nTo my surprise, when I had a commit with backticks in it,\nthe backticks were expanded. e.g.:\n\n```\ntouch foo\ngit add foo\ngit commit -m \u0027`ls`\u0027\n```\n\nThankfully I noticed it on my own commit before checking out\nsomeone\u0027s code whose commit message was\n\n`rm -rf /important/stuff`\n\nThe documentation says:\n\nCommand output is printed unescaped to the prompt\n\n```\n    Whatever output the command generates is printed unmodified in the prompt.\n    This means if the output contains special sequences that are interpreted\n    by your shell they will be expanded when displayed. These special\n    sequences are shell specific, e.g. you can write a command module that\n    writes bash sequences, e.g. \\h, but this module will not work in a fish\n    or zsh shell.\n\n    Format strings can also contain shell specific prompt sequences, e.g. Bash, Zsh.\n```\n\nHowever, it doesn\u0027t specifically mention shell injection with $()\nand backticks; it just mentions the prompt escape sequences, and\nthe link doesn\u0027t suggest any shell injection possibilities either.\n\nFurthermore, I can\u0027t even figure out how to properly escape things,\nbecause simply changing the command to\n\n```\ncommand = \u0027printf %q \"$(git show -s --format=\"%\u003c(25,mtrunc)%s\")\"\u0027\n```\n\ndoesn\u0027t work, as it\u0027s also adding a backslash before spaces. I also\ntried `use_stdin=false`\n\nI\u0027m not 100% sure this qualifies as a vulnerability, but I feel it is not\ndocumented well enough to warn unsuspecting users, and it certainly is\nnot documented how to properly quote things, because after 15-30 minutes\nof trying, I can\u0027t figure it out.\n\nI see some past commits about fixing shell injection with $, and it does\nseem like the problem doesn\u0027t exist in build-in modules like git branch.\n\n## PoC\n\nHave some custom command which prints out information from a potentially untrusted/unverified source.\n\n```\n[custom.git_commit_name]\ncommand = \u0027git show -s --format=\"%\u003c(25,mtrunc)%s\"\u0027\nstyle = \"italic\"\nwhen = true\n```\n\n## Impact\n\nPeople with custom commands, so the scope is limited, and without knowledge\nof people\u0027s commands, it could be hard to target people. The only one I saw\nin the example custom commands that may be vulnerable is the playerctl one.",
  "id": "RUSTSEC-2024-0446",
  "modified": "2025-12-22T13:54:49Z",
  "published": "2024-07-26T12:00:00Z",
  "references": [
    {
      "type": "PACKAGE",
      "url": "https://crates.io/crates/starship"
    },
    {
      "type": "ADVISORY",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0446.html"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5"
    }
  ],
  "related": [],
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Shell expansion in custom commands"
}

GHSA-VX24-X4MV-VWR5

Vulnerability from github – Published: 2024-07-26 21:24 – Updated: 2025-12-22 16:31

Summary

Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands

Details

Description

PoC

Have some custom command which prints out information from a potentially untrusted/unverified source.

[custom.git_commit_name]
command = 'git show -s --format="%<(25,mtrunc)%s"'
style = "italic"
when = true

Impact

This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone.

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.19.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "starship"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-41815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-26T21:24:18Z",
    "nvd_published_at": "2024-07-26T21:15:14Z",
    "severity": "HIGH"
  },
  "details": "## Description \nStarship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. Version 1.20.0 fixes the vulnerability.\n\n### PoC\nHave some custom command which prints out information from a potentially untrusted/unverified source.\n```\n[custom.git_commit_name]\ncommand = \u0027git show -s --format=\"%\u003c(25,mtrunc)%s\"\u0027\nstyle = \"italic\"\nwhen = true\n```\n\n### Impact\nThis issue only affects users with custom commands, so the scope is limited, and without knowledge of others\u0027 commands, it could be hard to successfully target someone.",
  "id": "GHSA-vx24-x4mv-vwr5",
  "modified": "2025-12-22T16:31:41Z",
  "published": "2024-07-26T21:24:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41815"
    },
    {
      "type": "WEB",
      "url": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/starship/starship"
    },
    {
      "type": "WEB",
      "url": "https://github.com/starship/starship/releases/tag/v1.20.0"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2024-0446.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands"
}

FKIE_CVE-2024-41815

Vulnerability from fkie_nvd - Published: 2024-07-26 21:15 - Updated: 2024-11-21 09:33

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74	Patch
security-advisories@github.com	https://github.com/starship/starship/releases/tag/v1.20.0	Release Notes
security-advisories@github.com	https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/starship/starship/releases/tag/v1.20.0	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	starship	starship	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:starship:starship:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10638D42-D9DD-46FB-93A0-AAF55A08CA07",
              "versionEndExcluding": "1.20.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others\u0027 commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability."
    },
    {
      "lang": "es",
      "value": " Starship es un aviso entre capas. A partir de la versi\u00f3n 1.0.0 y antes de la versi\u00f3n 1.20.0, las reglas de citaci\u00f3n y/o expansi\u00f3n de shell impredecibles y no documentadas hacen que sea f\u00e1cil provocar accidentalmente una inyecci\u00f3n de shell cuando se usan comandos personalizados con starship en bash. Este problema solo afecta a los usuarios con comandos personalizados, por lo que el alcance es limitado y, sin el conocimiento de los comandos de otros, podr\u00eda ser dif\u00edcil apuntar a alguien con \u00e9xito. La versi\u00f3n 1.20.0 corrige la vulnerabilidad."
    }
  ],
  "id": "CVE-2024-41815",
  "lastModified": "2024-11-21T09:33:07.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-26T21:15:14.370",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/starship/starship/releases/tag/v1.20.0"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/starship/starship/commit/cfc58161e0ec595db90af686ad77a73df6d44d74"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/starship/starship/releases/tag/v1.20.0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/starship/starship/security/advisories/GHSA-vx24-x4mv-vwr5"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-41815 (GCVE-0-2024-41815)

cve-2024-41815

Vulnerability from osv_rustsec

Summary

Details

PoC

Impact

GHSA-VX24-X4MV-VWR5

Description

PoC

Impact

FKIE_CVE-2024-41815

Tags

Sightings

Nomenclature