Vulnerability Description
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes

**Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited.

**Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978).

**Impacted areas**:

- `pygmalion` theme.
- `pygmalion-virtualenv` theme.
- `refined` theme.
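The following audit helper is an added example, not code from the advisory or from Oh My Zsh. It flags branch names containing characters that zsh prompt expansion (`print -P`) interprets: `%` introduces prompt escapes, and `$` or a backtick triggers substitution when `PROMPT_SUBST` is set. The function names and the sample branch names are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit branch names for characters that zsh prompt
# expansion (print -P) would interpret instead of printing literally.
# Function names are hypothetical; sample names are constructed.

# classify_ref NAME -> prints the reason a name is flagged, or "ok".
classify_ref() {
    case $1 in
        *'$'*|*'`'*) echo "substitution" ;;   # expanded when PROMPT_SUBST is set
        *%*)         echo "prompt-escape" ;;  # %F{..}, %d, %n ... handled by -P
        *)           echo "ok" ;;
    esac
}

# audit_refs: read one ref name per line on stdin, print
# "reason<TAB>name" for each flagged name, return 1 if any were flagged.
audit_refs() {
    flagged=0
    while IFS= read -r ref; do
        reason=$(classify_ref "$ref")
        if [ "$reason" != ok ]; then
            printf '%s\t%s\n' "$reason" "$ref"
            flagged=1
        fi
    done
    return "$flagged"
}

# Constructed sample input (not taken from a real repository).
sample_refs() {
    printf '%s\n' 'main' 'feature/login' 'wip/100%done' 'tmp/$HOME-test'
}

# Demo run on the constructed sample; "|| true" keeps the script's exit
# status clean because audit_refs returns 1 when it flags something.
sample_refs | audit_refs || true

# Against a real clone, feed it local and remote-tracking branch names:
#   git for-each-ref --format='%(refname:short)' refs/heads refs/remotes | audit_refs
```

A flagged name is not proof of malicious intent; it marks a branch whose name a prompt theme should print literally rather than pass through prompt expansion.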
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Planetargon | Oh My Zsh | < 2021-11-11 |
Related Weaknesses (CWE)
References
- https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-3769?
CVE-2021-3769 is a vulnerability with a CVSS score of 7.5 (HIGH). Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes. **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on ...
How severe is CVE-2021-3769?
CVE-2021-3769 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-3769?
Check the references section above for vendor advisories and patch information. Affected products include: Planetargon Oh My Zsh.