FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d923fb0c-8c2f-11ec-aa85-0800270512f4	zsh -- Arbitrary command execution vulnerability Marc CornellÃÂ reports: Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name. Discovery 2022-02-12 Entry 2022-02-12 zsh < 5.8.1 CVE-2021-45444 https://zsh.sourceforge.io/releases.html

VuXML ID

Description

d923fb0c-8c2f-11ec-aa85-0800270512f4

zsh -- Arbitrary command execution vulnerability

Marc CornellÃÂ reports:

Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name.

Discovery 2022-02-12
Entry 2022-02-12
zsh

< 5.8.1

CVE-2021-45444
https://zsh.sourceforge.io/releases.html