Vulnerability Description
# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Planetargon | Oh My Zsh | < 2021-11-11 |
Related Weaknesses (CWE)
References
- https://github.com/ohmyzsh/ohmyzsh/commit/a263cdacPatchThird Party Advisory
- https://github.com/ohmyzsh/ohmyzsh/commit/a263cdacPatchThird Party Advisory
FAQ
What is CVE-2021-3726?
CVE-2021-3726 is a vulnerability with a CVSS score of 7.5 (HIGH). # Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function...
How severe is CVE-2021-3726?
CVE-2021-3726 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-3726?
Check the references section above for vendor advisories and patch information. Affected products include: Planetargon Oh My Zsh.