admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-37xx/CVE-2021-3726.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

126 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-3726",
"sourceIdentifier": "security@huntr.dev",
"published": "2021-11-30T10:15:08.883",
"lastModified": "2021-11-30T20:49:42.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function."
},
{
"lang": "es",
"value": "# Vulnerabilidad en la funci\u00f3n \"title\" **Descripci\u00f3n**: la funci\u00f3n \"title\" definida en \"lib/termsupport.zsh\" usa \"print\" para establecer el t\u00edtulo de la terminal a una cadena proporcionada por el usuario. En Oh My Zsh, esta funci\u00f3n es siempre usada de forma segura, pero el c\u00f3digo de usuario personalizado podr\u00eda usar la funci\u00f3n \"title\" de forma no segura. **Corregido en**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **\u00c1reas afectadas**: - Funci\u00f3n \"title\" en \"lib/termsupport.zsh\". - C\u00f3digo de usuario personalizado usando la funci\u00f3n \"title\""
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:planetargon:oh_my_zsh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2021-11-11",
"matchCriteriaId": "80FD5E81-3E73-4921-925C-E55098EAE4B1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac",
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink