Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Catfish | Catfish_project | 0.6.0 (including) | 0.6.0 (including) |
Catfish | Catfish_project | 0.6.1 (including) | 0.6.1 (including) |
Catfish | Catfish_project | 0.6.2 (including) | 0.6.2 (including) |
Catfish | Catfish_project | 0.6.3 (including) | 0.6.3 (including) |
Catfish | Catfish_project | 0.6.4 (including) | 0.6.4 (including) |
Catfish | Catfish_project | 0.8.0 (including) | 0.8.0 (including) |
Catfish | Catfish_project | 0.8.1 (including) | 0.8.1 (including) |
Catfish | Catfish_project | 0.8.2 (including) | 0.8.2 (including) |
Catfish | Catfish_project | 1.0.0 (including) | 1.0.0 (including) |