Vulnerabilities > CVE-2021-3769 - Unspecified vulnerability in Planetargon OH MY ZSH

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

planetargon

critical

NVD

Published: 2021-11-30

Updated: 2024-11-21

Summary

# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.

Vulnerable Configurations

Part	Description	Count
Application	Planetargon Planetargon OH MY ZSH -	1

References

https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978
https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978