{"api_version":"1","generated_at":"2026-04-23T02:57:54+00:00","cve":"CVE-2019-14868","urls":{"html":"https://cve.report/CVE-2019-14868","api":"https://cve.report/api/cve/CVE-2019-14868.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-14868","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-14868"},"summary":{"title":"CVE-2019-14868","description":"In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-04-02 17:15:00","updated_at":"2023-02-12 23:36:00"},"problem_types":["CWE-77"],"metrics":[],"references":[{"url":"https://support.apple.com/kb/HT211170","name":"https://support.apple.com/kb/HT211170","refsource":"CONFIRM","tags":["Third Party Advisory"],"title":"About the security content of macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html","name":"[debian-lts-announce] 20200720 [SECURITY] [DLA 2284-1] ksh security update","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"[SECURITY] [DLA 2284-1] ksh security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1757324","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1757324","refsource":"MISC","tags":[],"title":"1757324 – (CVE-2019-14868) CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0431","name":"https://access.redhat.com/errata/RHSA-2020:0431","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2020:2210","name":"https://access.redhat.com/errata/RHSA-2020:2210","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0568","name":"https://access.redhat.com/errata/RHSA-2020:0568","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0515","name":"https://access.redhat.com/errata/RHSA-2020:0515","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:0559","name":"https://access.redhat.com/errata/RHSA-2020:0559","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/security/cve/CVE-2019-14868","name":"https://access.redhat.com/security/cve/CVE-2019-14868","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:5351","name":"https://access.redhat.com/errata/RHSA-2020:5351","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2","name":"https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"Harden env var imports · att/ast@c7de8b6 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:5352","name":"https://access.redhat.com/errata/RHSA-2020:5352","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://access.redhat.com/errata/RHSA-2020:1333","name":"https://access.redhat.com/errata/RHSA-2020:1333","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868","refsource":"CONFIRM","tags":["Issue Tracking","Third Party Advisory"],"title":"1757324 – (CVE-2019-14868) CVE-2019-14868 ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2020/May/53","name":"20200529 APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra","refsource":"FULLDISC","tags":["Mailing List","Third Party Advisory"],"title":"Full Disclosure: APPLE-SA-2020-05-26-3 macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHSA-2020:1332","name":"https://access.redhat.com/errata/RHSA-2020:1332","refsource":"MISC","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-14868","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14868","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"14868","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14868","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os_x","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14868","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14868","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14868","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ksh_project","cpe5":"ksh","cpe6":"20120801","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"14868","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ksh_project","cpe5":"ksh","cpe6":"20120801","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-14868","qid":"296073","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 24.75.2 Missing (CPUJUL2020)"},{"cve":"CVE-2019-14868","qid":"376990","title":"Alibaba Cloud Linux Security Update for ksh (ALINUX2-SA-2020:0023)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2019-14868","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-77","cweId":"CWE-77"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"KornShell","product":{"product_data":[{"product_name":"ksh","version":{"version_data":[{"version_affected":"=","version_value":"20120801"}]}}]}}]}},"references":{"reference_data":[{"url":"https://support.apple.com/kb/HT211170","refsource":"MISC","name":"https://support.apple.com/kb/HT211170"},{"url":"http://seclists.org/fulldisclosure/2020/May/53","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2020/May/53"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14868"},{"url":"https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2","refsource":"MISC","name":"https://github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2"},{"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2020/07/msg00015.html"}]},"impact":{"cvss":[{"attackComplexity":"HIGH","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}]}},"nvd":{"publishedDate":"2020-04-02 17:15:00","lastModifiedDate":"2023-02-12 23:36:00","problem_types":["CWE-77"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:ksh_project:ksh:20120801:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","versionEndExcluding":"10.15.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"14868","Ordinal":"154077","Title":"CVE-2019-14868","CVE":"CVE-2019-14868","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"14868","Ordinal":"1","NoteData":"In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"14868","Ordinal":"2","NoteData":"2020-04-02","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"14868","Ordinal":"3","NoteData":"2020-07-20","Type":"Other","Title":"Modified"}]}}}