
5 matches found

CVE
added 2021/11/30 10:15 a.m. | 106 views

CVE-2021-3727

Vulnerability in rand-quote and hitokoto plugins

Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injecti...

CVSS: 9.8 | AI score: 9 | EPSS: 0.0136

CVE
added 2021/11/30 10:15 a.m. | 34 views

CVE-2021-3725

Vulnerability in dirhistory plugin

Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute `eval` on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, th...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.00594

CVE
added 2021/11/30 10:15 a.m. | 31 views

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes

Description: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability c...

CVSS: 10 | AI score: 8.7 | EPSS: 0.00329

CVE
added 2021/11/12 12:15 p.m. | 31 views

CVE-2021-3934

ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00203

CVE
added 2021/11/30 10:15 a.m. | 25 views

CVE-2021-3726

Vulnerability in title function

Description: the `title` function defined in lib/termsupport.zsh uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. Fixed in: ...

CVSS: 9.8 | AI score: 8.7 | EPSS: 0.00444