Description
Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.
References (1)
Core 1
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/ohmyzsh/ohmyzsh/commit/06fc5fb
Scores
CVSS v3
7.5
EPSS
0.0136
EPSS Percentile
80.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
CWE-94
Status
published
Products (1)
planetargon/oh_my_zsh
< 11-11-2021
Published
Nov 30, 2021
Tracked Since
Feb 18, 2026