Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OS Command Injection in ohmyzsh/ohmyzsh
Vulnerability Description
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
ohmyzsh 操作系统命令注入漏洞
Vulnerability Description
ohmyzsh是一个开源的、社区驱动的框架,用于管理您的zsh配置。 ohmyzsh 存在操作系统命令注入漏洞,攻击者可以利用该漏洞通过pygmalion,pygmalion-virtualenv和refined主题触发命令注入。
CVSS Information
N/A
Vulnerability Type
N/A