VYPR
High severity7.5NVD Advisory· Published Nov 30, 2021· Updated Jun 17, 2026

CVE-2021-3727

CVE-2021-3727

Description

# Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. Fixed in: 72928432. Impacted areas: - rand-quote plugin (quote function). - hitokoto plugin (hitokoto function).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • ohmyzsh/ohmyzshllm-fuzzy2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.