16 matches found
EUVD-2021-27148
Malware in sbrugna...
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
CVE-2021-3769 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...
CVE-2021-3727
CVE-2021-3727 concerns the ohmyzsh rand-quote and hitokoto plugins. The description states that quotes fetched from external APIs (quotationspage.com and hitokoto.cn) could, if containing certain symbols, trigger a command injection when processed and printed via print -P. The root cause is not d...
CVE-2021-3727 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, do some processing on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command...
CVE-2021-3726 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in:...
CVE-2021-3725 OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left,...
ohmyzsh operating system command injection vulnerability
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. An operating system command injection vulnerability exists in ohmyzsh, which stems from the "title" function defined in "lib/termsupport.zsh" that uses "print" to set the terminal title to a user-supplied...
ohmyzsh operating system command injection vulnerability
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. ohmyzsh suffers from an operating system command injection vulnerability that can be exploited by an attacker to trigger command injection via the rand-quote and hitokoto plugins...
ohmyzsh code injection vulnerability
ohmyzsh is an open source, community-driven framework for managing your zsh configuration. ohmyzsh suffers from an operating system command injection vulnerability that stems from a widget that moves back and forth in the directory history triggered by pressing Alt-Left and Alt-Right using a...
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
CVE-2021-3934
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
Command injection
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
CVE-2021-3934 OS Command Injection in ohmyzsh/ohmyzsh
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command...
CVE-2021-3934
CVE-2021-3934 affects Oh My Zsh (ohmyzsh). The vulnerability stems from omz_urldecode using eval on unsanitized user input within the svn plugin, enabling command injection. Some sources describe a feasible attack path that could yield remote code execution depending on themes/plugins in use. Pub...
PT-2021-22546
Name of the Vulnerable Software and Affected Versions: ohmyzsh affected versions not specified Description: The issue concerns Improper Neutralization of Special Elements used in an OS Command. Recommendations: At the moment, there is no information about a newer version that contains a fix for...