On Thu, Oct 28, 2021 at 08:33:22PM +0000, elettrino via Bug reports for the GNU Bourne Again SHell wrote:
>
> user@machine:~$ USER_INPUT='x[$(id>&2)]'
> user@machine:~$ test -v "$USER_INPUT"
> uid=1519(user) gid=1519(user) groups=1519(user),100(users)
> user@machine:~$

Whoo. This uses a feature that was introduced in bash 4.2. It doesn't cause code injection in bash 4.2, though. It *does* cause code injection in bash 4.3 through 5.1. Adding it to my wiki page.
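
Added example, not part of the original message: a guard that lets only a plain identifier reach `test -v`, so a subscripted string like the one in the report is rejected before the shell evaluates it. The function names `is_plain_name` and `safe_isset` are hypothetical, and the guard deliberately refuses every array subscript.

```shell
#!/bin/sh
# Added example: allowlist guard in front of `test -v`.
# Function names are hypothetical, not from bash or the original post.

# Return 0 only for a plain identifier: non-empty, no leading digit, and only
# letters, digits or underscore. Characters are listed out instead of using
# ranges such as A-Z so that the match does not depend on the locale.
is_plain_name() {
    case $1 in
        '' | [0123456789]*) return 1 ;;
        *[!abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_]*) return 1 ;;
    esac
    return 0
}

# Exit status: 0 = variable is set, 1 = not set, 2 = name rejected.
# A rejected name never reaches `test -v`, so a subscript such as
# x[$(...)] is never expanded.
safe_isset() {
    is_plain_name "$1" || return 2
    if [ -n "${BASH_VERSION:-}" ]; then
        test -v "$1"   # bash 4.2 or later, per the message above
    else
        # Shells without `test -v`: the name is already known to be a plain
        # identifier, so building this expansion from it is safe.
        eval "[ \"\${$1+set}\" = set ]"
    fi
}

# Demo on constructed inputs plus the string from the report above.
demo_var=''
unset demo_missing
for candidate in demo_var demo_missing 'x[$(id>&2)]' '1abc' ''; do
    rc=0
    safe_isset "$candidate" || rc=$?
    printf '%-14s -> %s\n' "$candidate" "$rc"
done
```

Callers should treat status 2 as a hard error rather than as "not set", so that rejected input is logged instead of silently ignored.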