High severity7.4NVD Advisory· Published Apr 2, 2020· Updated Jun 17, 2026
CVE-2019-14868
CVE-2019-14868
Description
In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versionspkg:rpm/opensuse/ksh&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ksh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2012pkg:rpm/suse/ksh&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 93vu-10.1+ 2 more
- (no CPE)range: < 93vu-10.1
- (no CPE)range: < 93vu-19.3.2
- (no CPE)range: < 93vu-19.3.2
Patches
Vulnerability mechanics
References
5- github.com/att/ast/commit/c7de8b641266bac7c77942239ac659edfee9ecd2nvdPatchThird Party Advisory
- seclists.org/fulldisclosure/2020/May/53nvdMailing ListThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2020/07/msg00015.htmlnvdMailing ListThird Party Advisory
- support.apple.com/kb/HT211170nvdThird Party Advisory
News mentions
0No linked articles in our index yet.