Description
The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
A flaw was found in shlex. The crate's quoting routine leaves the curly brace (`{`) and the non-breaking space (`\xa0`, U+00A0) unquoted and unescaped, so a value that was meant to reach the shell as a single literal argument may instead be subject to brace expansion or, in some locales, word splitting once the quoted output is embedded in a command line. An attacker who controls such input can therefore smuggle extra arguments into the command, and, depending on how the calling application assembles the command line, this may facilitate command injection. Whether that reaches arbitrary command execution depends on the application; the statement below explains why Red Hat does not treat it as a direct path to it.
Statement
This CVE was rated as Low severity. It involves three distinct issues: (1) Failure to quote characters, which can cause a single argument to be interpreted as multiple arguments in a shell, but does not directly allow arbitrary command execution; (2) Handling of null bytes in strings, which cannot be used in Unix command arguments or environment variables, making exploitation in typical environments unlikely; and (3) Lack of escaping for control characters in interactive shells, where writing control characters to the input of an interactive shell could cause misbehavior, though non-interactive shells are unaffected. Exploitation of these issues requires high attack complexity and targeting of uncommon scenarios. The overall impact is limited, and the affected scenarios are constrained in typical usage. Considering the high attack complexity, restricted exploitability, and limited impact, a Low severity rating is appropriate.
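The first of the three issues above is easiest to see with a blacklist-based quoter next to an allowlist-based one. The block below is an added illustration written for this page, not the shlex crate's source: `quote_weak` models a quoter whose list of characters that need quoting omits `{` and U+00A0 (the omission class this page describes), `quote_safe` quotes anything outside a strict allowlist and refuses NUL (issue 2), `has_raw_control` flags the control characters that matter for an interactive shell (issue 3), and `bash_words` is a deliberately minimal model of bash brace expansion so the argument-splitting consequence can be observed without a shell. All function names, the sample inputs and the simplified bash model are assumptions of this example.

```rust
use std::borrow::Cow;

/// Blacklist used by the weak quoter. '{' and U+00A0 are deliberately absent,
/// reproducing the class of omission described on this page. Illustration only;
/// this is not the shlex crate's code.
fn in_blacklist(c: char) -> bool {
    matches!(c, '|' | '&' | ';' | '<' | '>' | '(' | ')' | '$' | '`' | '\\' | '"' | '\''
        | ' ' | '\t' | '\r' | '\n' | '*' | '?' | '[' | '#' | '~' | '=' | '%')
}

/// Allowlist used by the hardened quoter: anything else gets wrapped in quotes.
fn in_allowlist(c: char) -> bool {
    c.is_ascii_alphanumeric()
        || matches!(c, '@' | '%' | '+' | '=' | ':' | ',' | '.' | '/' | '-' | '_')
}

/// POSIX single-quoting: inside '...' only the quote itself needs care,
/// spelled '\'' (close the quote, escaped quote, reopen).
fn single_quote(s: &str) -> String {
    format!("'{}'", s.replace('\'', "'\\''"))
}

/// Weak quoter: returns the input untouched unless it contains a blacklisted
/// character, so "{a,b}" and "a\u{a0}b" pass through unquoted.
pub fn quote_weak(s: &str) -> Cow<'_, str> {
    if s.is_empty() {
        Cow::Borrowed("''")
    } else if s.chars().any(in_blacklist) {
        Cow::Owned(single_quote(s))
    } else {
        Cow::Borrowed(s)
    }
}

#[derive(Debug, PartialEq)]
pub enum QuoteError {
    /// NUL cannot be carried in argv or the environment; refuse it rather than
    /// let it silently truncate the argument.
    Nul,
}

/// Hardened quoter: quote unless every character is allowlisted, refuse NUL.
pub fn quote_safe(s: &str) -> Result<Cow<'_, str>, QuoteError> {
    if s.contains('\0') {
        return Err(QuoteError::Nul);
    }
    if s.is_empty() {
        Ok(Cow::Borrowed("''"))
    } else if s.chars().all(in_allowlist) {
        Ok(Cow::Borrowed(s))
    } else {
        Ok(Cow::Owned(single_quote(s)))
    }
}

/// True if the string carries control characters other than tab/LF/CR.
/// Quoting keeps them out of a non-interactive shell's parser but does not stop
/// an interactive shell's line editor from acting on them, so a caller that
/// writes to a terminal should reject such input outright.
pub fn has_raw_control(s: &str) -> bool {
    s.chars().any(|c| c.is_control() && !matches!(c, '\t' | '\n' | '\r'))
}

/// Minimal model of how bash reads one token (assumption of this example): a
/// single-quoted token is literal; an unquoted token with one non-nested
/// "{x,y}" group is brace-expanded into several words.
pub fn bash_words(token: &str) -> Vec<String> {
    if token.len() >= 2 && token.starts_with('\'') && token.ends_with('\'') {
        return vec![token[1..token.len() - 1].replace("'\\''", "'")];
    }
    if let (Some(open), Some(close)) = (token.find('{'), token.find('}')) {
        if open < close && token[open + 1..close].contains(',') {
            let (prefix, suffix) = (&token[..open], &token[close + 1..]);
            return token[open + 1..close]
                .split(',')
                .map(|alt| format!("{prefix}{alt}{suffix}"))
                .collect();
        }
    }
    vec![token.to_string()]
}

fn main() {
    // Constructed sample inputs: a brace group, a non-breaking space, a quote.
    for arg in ["{/etc/passwd,/etc/shadow}", "a\u{a0}b", "it's"] {
        let weak = quote_weak(arg);
        let safe = quote_safe(arg).unwrap();
        println!("{arg:?}: weak={weak} -> {:?}; safe={safe} -> {:?}",
                 bash_words(&weak), bash_words(&safe));
    }
    println!("NUL handling: {:?}", quote_safe("a\0b"));
}
```

The point to take from the run is that the weak quoter hands `{/etc/passwd,/etc/shadow}` to the shell as one token that bash expands into two arguments, while the allowlist quoter wraps it in single quotes and it stays one literal argument. The non-breaking space case is the same shape: unquoted from the weak quoter, quoted by the safe one, and which shells split on it depends on locale, which is why this page rates the attack complexity as high.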
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. Applications that vendor the crate directly should rebuild against shlex 1.2.1 or later, the first version in which these characters are quoted.
Affected Packages
| Platform | Package | State | Errata | Release |
|---|---|---|---|---|
| Confidential Compute Attestation | confidential-compute-attestation-tech-preview/trustee-rhel9 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-operator-bundle | Fix deferred | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel9-operator | Fix deferred | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Fix deferred | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/log-file-metric-exporter-rhel9 | Fix deferred | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/vector-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 3 | openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-cni-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-must-gather-rhel9 | Fix deferred | | |
| OpenShift Service Mesh 3 | openshift-service-mesh/istio-pilot-rhel9 | Fix deferred | | |
Additional information
CVSS3: 3.2 (Low)