17 matches found
Astra Linux - vulnerability in zsh
In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...
CVE-2026-27113
Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git...
Linux Distros Unpatched Vulnerability : CVE-2021-45444
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs...
SUSE CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
OESA-2022-2094 zsh security update
The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more...
zsh: Prompt expansion vulnerability
A vulnerability was found in zsh in the parsecolorchar function of prompt.c file. This flaw allows an attacker to perform code execution if they control a command output inside the prompt, as stated by a %F%K argument. This occurs because of recursive PROMPTSUBST expansion...
CLSA-2022-1648567648 Fix of CVE: CVE-2021-45444
CVE-2021-45444: do not expand PROMPTSUBST within argument of prompt-expansion sequences such as file.file to avoid arbitrary code execution...
CLSA-2022-1648138003 Fix CVE(s): CVE-2019-20044, CVE-2021-45444
SECURITY UPDATE: Regain dropped privileges - debian/patches/CVE-2019-20044-pre.patch: change the order of the calls to setgid this should go first and setuid in Src/options.c. - debian/patches/CVE-2019-20044-1.patch: add extra checks to drop privileges securely in Src/options.c. -...
OESA-2022-1567 zsh security update
The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more...
In zsh before 5.8.1 an attacker can achieve code execution if they control a command output inside the prompt as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
...
AZL-8586 CVE-2021-45444 affecting package zsh for versions less than 5.9-1
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
DEBIAN-CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
ALPINE-CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
UBUNTU-CVE-2021-45444
In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPTSUBST expansion...
PT-2022-1769 · Zsh +11
Name of the Vulnerable Software and Affected Versions: zsh versions prior to 5.8.1 Description: The issue is related to the recursive PROMPT_SUBST expansion in zsh, allowing an attacker to achieve code execution if they control a command output inside the prompt. This can be demonstrated by a %F...
Zsh operating system command injection vulnerability
Zsh is a command interpreter that can be used as a shell for interactive login and scripting. A security vulnerability exists in Zsh that stems from the recursive PROMPTSUBST extension. In zsh before 5.8.1, an attacker can achieve code execution by controlling the output of commands within the...