CVE-2021-45444

CVSS 7.8 - HIGH
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.

Vulnerable Configurations

Part          Description      Count
Application   Zsh              191
OS            Fedoraproject    2
OS            Debian           3
OS            Apple            39