Candidate: CVE-2019-14868
PublicDate: 2020-04-02 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14868
 https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
Description:
 In ksh version 20120801, a flaw was found in the way it evaluates certain
 environment variables. An attacker could use this flaw to override or bypass
 environment restrictions to execute shell commands. Services and applications
 that allow remote unauthenticated attackers to provide one of those
 environment variables could allow them to exploit this issue remotely.
Ubuntu-Description:
 It was discovered that Korn Shell incorrectly handled environment variables.
 A remote attacker could possibly use this issue to execute arbitrary code.
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_ksh:
upstream_ksh: needs-triage
precise/esm_ksh: DNE
trusty_ksh: ignored (out of standard support)
trusty/esm_ksh: needs-triage
xenial_ksh: ignored (end of standard support, was needs-triage)
bionic_ksh: needs-triage
disco_ksh: ignored (reached end-of-life)
eoan_ksh: ignored (reached end-of-life)
focal_ksh: not-affected (2020.0.0-5)
groovy_ksh: not-affected (2020.0.0-5)
hirsute_ksh: not-affected (2020.0.0-5)
impish_ksh: not-affected (2020.0.0-5)
jammy_ksh: DNE
devel_ksh: DNE