FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
d923fb0c-8c2f-11ec-aa85-0800270512f4  zsh -- Arbitrary command execution vulnerability

Marc Cornellà reports:

Some prompt expansion sequences, such as %F, support 'arguments' which are themselves expanded in case they contain colour values, etc. This additional expansion would trigger PROMPT_SUBST evaluation, if enabled. This could be abused to execute code the user didn't expect. e.g., given a certain prompt configuration, an attacker could trick a user into executing arbitrary code by having them check out a Git branch with a specially crafted name.


Discovery: 2022-02-12
Entry: 2022-02-12
Affected package: zsh, versions lt 5.8.1

CVE-2021-45444
https://zsh.sourceforge.io/releases.html