fix(themes): fix potential command injection in `pygmalion`, `pygmalion-virtualenv` and `refined` - zsh.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Marc Cornellà <hello@mcornella.com>	2021-11-09 09:54:21 +0100
committer	Marc Cornellà <hello@mcornella.com>	2021-11-11 22:45:40 +0100
commit	b3ba9978cc42a5031c7b68e3cf917ec2e64643bc (patch)
tree	2f5694f3958a058519e25423f50a3b45d1ff1ed8 /plugins/branch
parent	72928432f1ddaa244e02067dd7fc14948a4a5ce4 (diff)
download	zsh-b3ba9978cc42a5031c7b68e3cf917ec2e64643bc.tar.gz zsh-b3ba9978cc42a5031c7b68e3cf917ec2e64643bc.tar.bz2 zsh-b3ba9978cc42a5031c7b68e3cf917ec2e64643bc.zip

fix(themes): fix potential command injection in `pygmalion`, `pygmalion-virtualenv` and `refined`

The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information which results in a double evaluation of this information, so a malicious git repository could trigger a command injection if the user cloned and entered the repository. A similar method could be used in the refined theme. All themes have been patched against this vulnerability.

Diffstat (limited to 'plugins/branch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: