Lucene search
@huntrdevCVELIST:CVE-2021-3934HistoryNov 12, 2021 - 11:45 a.m.
CVE-2021-3934 OS Command Injection in ohmyzsh/ohmyzsh
2021-11-1211:45:10
CWE-78
@huntrdev
www.cve.org
2
cve-2021-3934
ohmyzsh
command injection
os command
improper neutralization
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.7%
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
CNA Affected
[
{
"product": "ohmyzsh/ohmyzsh",
"vendor": "ohmyzsh",
"versions": [
{
"lessThan": "6cb41b70a6d04301fd50cd5862ecd705ba226c0e",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-3934
2021-11-12 12:15:07
cve
cve
CVE-2021-3934
2021-11-12 12:15:07
prion
prion
Command injection
2021-11-12 12:15:00
huntr
huntr
OS Command Injection in ohmyzsh/ohmyzsh
2021-11-02 02:06:43
nvd
nvd
CVE-2021-3934
2021-11-12 12:15:07
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
60.7%
Related for CVELIST:CVE-2021-3934