CVE-2021-3727 in Oh My Zshinformación

Resumen

por MITRE • 2021-11-30

# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsable

Huntr.dev

Reservar

2021-08-19

Divulgación

2021-11-30

Moderación

aceptado

Artículo

VDB-187344

CPE

listo

EPSS

0.01031

KEV

no

Actividades

muy bajo

Fuentes

Want to stay up to date on a daily basis?

Enable the mail alert feature now!