CVE-2021-3726

Summary

Vulnerability in title function Description: the title function defined in lib/termsupport.zsh uses print to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the title function in a way that is unsafe. Fixed in: a263cdac. Impacted areas: - title function in lib/termsupport.zsh. - Custom user code using the title function.

Affected Software

VendorProductVersion RangeStatus
ohmyzshohmyzsh/ohmyzshunspecified < a263cdacaffected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References