4 matches found
Astra Linux – Vulnerability in zsh
In zsh before version 5.8.1, an attacker can gain code execution if they control the command output within the prompt, as demonstrated by using a %F argument. This occurs due to the recursive PROMPTSUBST expansion...
OESA-2022-1567 zsh security update
The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more...
In zsh before 5.8.1 an attacker can achieve code execution if they control a command output inside the prompt as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
...
Zsh 操作系统命令注入漏洞
Zsh is a command interpreter that can be used as a shell for interactive login and scripting. A security vulnerability exists in Zsh that stems from the recursive PROMPTSUBST extension. In zsh before 5.8.1, an attacker can achieve code execution by controlling the output of commands within the...