Gnu · Dash · CVE-2009-0854
**Name of the Vulnerable Software and Affected Versions**
dash version 0.5.4
**Description**
The issue allows local users to execute arbitrary code via a Trojan horse .profile file in the current working directory when dash is used as a login shell.
**Recommendations**
For dash version 0.5.4, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict the use of dash as a login shell to minimize the risk of exploitation.