CVE-2014-2093

Description

Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.

How to fix CVE-2014-2093

To remediate CVE-2014-2093, upgrade the affected package to a fixed version below.

• Debian/catfish—upgrade to 1.0.1-1 or later

Is CVE-2014-2093 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.0.1-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-2093