CVE-2021-3769 Information

Description

Vulnerability in pygmalion pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information particularly the branch name so if the branch has a specially-crafted name the vulnerability can be exploited. Fixed in: b3ba9978. Impacted areas: - pygmalion theme. - pygmalion-virtualenv theme. - refined theme.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8