ohmyzsh
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-3769 | Hig | 0.00 | 7.5 | 0.01 | Nov 30, 2021 | # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a… | ||
| CVE-2021-3727 | Hig | 0.00 | 7.5 | 0.01 | Nov 30, 2021 | # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols,… | ||
| CVE-2021-3726 | Hig | 0.00 | 7.5 | 0.01 | Nov 30, 2021 | # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function… | ||
| CVE-2021-3725 | Hig | 0.00 | 7.5 | 0.01 | Nov 30, 2021 | Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name,… | ||
| CVE-2021-3934 | Hig | 0.00 | 7.5 | 0.01 | Nov 12, 2021 | ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command |
- risk 0.00cvss 7.5epss 0.01
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a…
- risk 0.00cvss 7.5epss 0.01
# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols,…
- risk 0.00cvss 7.5epss 0.01
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function…
- risk 0.00cvss 7.5epss 0.01
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name,…
- risk 0.00cvss 7.5epss 0.01
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command