Oh My Zsh Security Vulnerabilities


CVE-2021-3725

Vulnerability in dirhistory plugin. Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, th...

8.8 CVSS

8.9 AI Score

0.002 EPSS

2021-11-30 10:15 AM
23

CVE-2021-3726

Vulnerability in title function. Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in: ...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2021-11-30 10:15 AM
17

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins. Description: the rand-quote and hitokoto plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, process them, and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command injecti...

9.8 CVSS

9.6 AI Score

0.002 EPSS

2021-11-30 10:15 AM
98

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes. Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability c...

9.8 CVSS

9.3 AI Score

0.002 EPSS

2021-11-30 10:15 AM
23

CVE-2021-3934

ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command

7.5 CVSS

7.5 AI Score

0.002 EPSS

2021-11-12 12:15 PM
23