Security Advisory

CVE-2021-3727

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-11-30 09:30:17
Last updated 2024-08-03 17:01:08
Assigner @huntrdev
State PUBLISHED

Description

# Vulnerability in `rand-quote` and `hitokoto` plugins

**Description**: the `rand-quote` and `hitokoto` plugins fetch quotes from quotationspage.com and hitokoto.cn respectively, process them, and then print them with `print -P`. If these quotes contained the right symbols, they could trigger command injection. Because the quotes come from an external API, it is not possible to know whether they are safe to use.

**Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432).

**Impacted areas**:

- `rand-quote` plugin (`quote` function).
- `hitokoto` plugin (`hitokoto` function).
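
One way to print externally fetched text in color without letting `print -P` interpret it, as an added example (this is not the plugins' code or the project's fix). The function name `print_quote_safely` and the sample strings are constructed for illustration; the example relies on zsh's documented behavior that `print -P` performs prompt expansion and, when the `PROMPT_SUBST` option is set, also parameter and command substitution.

```zsh
#!/usr/bin/env zsh
# Added example: keep untrusted text inert when it passes through `print -P`.
# print_quote_safely and the sample values below are constructed for illustration.

print_quote_safely() {
  # Reset options to zsh defaults for the duration of this function only.
  # PROMPT_SUBST is off by default, so `print -P` performs no parameter or
  # command substitution here, even if the calling shell has enabled it.
  emulate -L zsh

  local author=$1 quote=$2

  # Double every % so prompt expansion prints it as a literal character
  # instead of treating it as the start of a prompt escape sequence.
  author=${author//\%/%%}
  quote=${quote//\%/%%}

  # Only the color codes written here are interpreted as prompt escapes.
  print -P "%F{yellow}${author}%f: %F{magenta}${quote}%f"
}

# Simulate a shell where substitutions in prompt strings are enabled.
setopt prompt_subst

# Constructed stand-in for an API response. The % sequences and the
# substitution syntax must be printed verbatim, not interpreted.
print_quote_safely 'A. Nonymous' \
  '100% of $(print SUBSTITUTED) and ${HOME} stay literal, as does %F{red}'
```

When the text does not need to share a line with color codes, `print -r -- "$quote"` avoids prompt expansion entirely.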