CVE-2021-3727 in Oh My Zshinformazioni

Riassunto

di MITRE • 30/11/2021

# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function).

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsabile

Huntr.dev

Prenotare

19/08/2021

Divulgazione

30/11/2021

Moderazione

accettato

CPE

pronto

EPSS

0.01031

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!