How severe is CVE-2024-41815?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2024-41815?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2024-41815 - HIGH Severity | CVSS 7

Vulnerability Description

Starship is a cross-shell prompt. Starting in version 1.0.0 and prior to version 1.20.0, undocumented and unpredictable shell expansion and/or quoting rules make it easily to accidentally cause shell injection when using custom commands with starship in bash. This issue only affects users with custom commands, so the scope is limited, and without knowledge of others' commands, it could be hard to successfully target someone. Version 1.20.0 fixes the vulnerability.

Related Vulnerabilities

CVE-2016-4444

HIGH

CVSS:7.0(High)

The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the comman...

CWE-772016

CVE-2016-4445

HIGH

CVSS:7.0(High)

The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to exec...

CWE-772016

CVE-2016-4446

HIGH

CVSS:7.0(High)

The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput func...

CWE-772016

CVE-2016-4989

HIGH

CVSS:7.0(High)

setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by ...

CWE-772016

CVE-2019-20680

HIGH

CVSS:7.0(High)

Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D7000v2 before 1.0.0.53, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6700 before 1.0.2.6, R6700v2 be...

CWE-772019

CVE-2020-14342

HIGH

CVSS:7.0(High)

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special p...

CWE-772020