CVE-2021-3727
7.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Vulnerability in rand-quote and hitokoto plugins Description: the rand-quote and hitokoto fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use print -P to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. Fixed in: 72928432. Impacted areas: - rand-quote plugin (quote function). - hitokoto plugin (hitokoto function).
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ohmyzsh | ohmyzsh/ohmyzsh | unspecified < 72928432 | affected |
Weaknesses
- CWE-78: CWE-78 OS Command Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.