VYPR
Vendor

ohmyzsh

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2021-3769HigNov 30, 2021
    risk 0.00cvss 7.5epss 0.01

    # Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a…

  • CVE-2021-3727HigNov 30, 2021
    risk 0.00cvss 7.5epss 0.01

    # Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols,…

  • CVE-2021-3726HigNov 30, 2021
    risk 0.00cvss 7.5epss 0.01

    # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function…

  • CVE-2021-3725HigNov 30, 2021
    risk 0.00cvss 7.5epss 0.01

    Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name,…

  • CVE-2021-3934HigNov 12, 2021
    risk 0.00cvss 7.5epss 0.01

    ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command