CVE-2021-3726
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in: a263cdac. Impacted areas: - title function in lib/termsupport.zsh. - Custom user code using the title function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ohmyzsh | ohmyzsh/ohmyzsh | unspecified < a263cdac | affected |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.