admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-37xx/CVE-2021-3727.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

126 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-3727",
"sourceIdentifier": "security@huntr.dev",
"published": "2021-11-30T10:15:08.940",
"lastModified": "2021-12-01T08:05:03.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function)."
},
{
"lang": "es",
"value": "# Vulnerabilidad en los plugins \"rand-quote\" y \"hitokoto\" **Descripci\u00f3n**: los plugins \"rand-quote\" y \"hitokoto\" obtienen las citas de quotationspage.com y hitokoto.cn respectivamente, realizan alg\u00fan proceso sobre ellas y luego usan \"print -P\" para imprimirlas. Si estas cotizaciones contienen los s\u00edmbolos apropiados, podr\u00edan desencadenar una inyecci\u00f3n de comandos. Dado que se trata de una API externa, no es posible saber si las comillas son seguras de usar. **Corregido en**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **\u00c1reas afectadas**: - Plugin \"rand-quote\" (funci\u00f3n \"quote\"). - Plugin \"hitokoto\" (funci\u00f3n \"hitokoto\")"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:planetargon:oh_my_zsh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "72928432",
"matchCriteriaId": "6F5DAA6D-AAD2-474D-881C-0DABE9C284CD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ohmyzsh/ohmyzsh/commit/72928432",
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink