FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: d923fb0c-8c2f-11ec-aa85-0800270512f4
Description: zsh -- Arbitrary command execution vulnerability

Marc Cornellà reports:

Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name.


Discovery: 2022-02-12
Entry: 2022-02-12
Affected: zsh < 5.8.1

CVE-2021-45444
https://zsh.sourceforge.io/releases.html