Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability Description
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ohmyzsh 操作系统命令注入漏洞
Vulnerability Description
ohmyzsh是一个开源的、社区驱动的框架,用于管理您的zsh配置。 ohmyzsh 存在操作系统命令注入漏洞,该漏洞源于"lib/termsupport.zsh"中定义的"title"函数使用"print"将终端标题设置为用户提供的字符串。
CVSS Information
N/A
Vulnerability Type
N/A