vulnerability

Arch Linux: Arbitrary command execution (CVE-2019-14868)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Apr 2, 2020	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 2, 2020

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

A flaw was found in ksh version 2020.0.0 in the evaluation of certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.

Solution

arch-linux-upgrade-latest

References

CVE-2019-14868
https://attackerkb.com/topics/CVE-2019-14868
URL-http://seclists.org/fulldisclosure/2020/May/53
URL-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868
URL-https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2
URL-https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html
URL-https://security.archlinux.org/ASA-202002-4
URL-https://support.apple.com/kb/HT211170
CWE-77

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today