CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P

zsh is vulnerable to remote code execution. The vulnerability exists because an attacker can inject a maliciously crafted script by controlling command output that is displayed inside the prompt.
seclists.org/fulldisclosure/2022/May/33
seclists.org/fulldisclosure/2022/May/35
seclists.org/fulldisclosure/2022/May/38
lists.debian.org/debian-lts-announce/2022/02/msg00020.html
lists.fedoraproject.org/archives/list/[email protected]/message/2P3LPMGENEHKDWFO4MWMZSZL6G7Y4CV7/
lists.fedoraproject.org/archives/list/[email protected]/message/BWF3EXNBX5SVFDBL4ZFOD4GJBWFUKWN4/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.12/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
support.apple.com/kb/HT213255
support.apple.com/kb/HT213256
support.apple.com/kb/HT213257
vuln.ryotak.me/advisories/63
www.debian.org/security/2022/dsa-5078
zsh.sourceforge.io/releases.html