Path Autocompletion Issue in GNU Bash 4.4
CVE-2017-5932
7.8HIGH
What is CVE-2017-5932?
The path autocompletion feature in GNU Bash version 4.4 contains a vulnerability that can be exploited by local users. By crafting a specific filename that begins with a double quote, alongside a command substitution metacharacter, an attacker may gain elevated privileges. This can lead to unauthorized access or manipulation of system resources, posing significant security risks. Users are advised to apply relevant patches to mitigate this vulnerability.