ALAS2-2020-1503

Affecting bash package, versions <4.2.46-34.amzn2

medium severity

Overview

Affected versions of this package are vulnerable to ALAS2-2020-1503. Package updates are available for Amazon Linux 2 that fix the following vulnerabilities:

CVE-2019-9924 (1691774: CVE-2019-9924 bash: BASH_CMD is writable in restricted bash shells): rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Remediation

Upgrade bash to version 4.2.46-34.amzn2 or higher.

References

CVE: ALAS2-2020-1503
Snyk ID: SNYK-AMZN2-BASH-1022710
Published: 28 Oct, 2020