fix(lib): fix `omz_urldecode` unsafe eval bug - zsh.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Marc Cornellà <hello@mcornella.com>	2021-11-08 17:46:14 +0100
committer	Marc Cornellà <hello@mcornella.com>	2021-11-11 22:44:18 +0100
commit	6cb41b70a6d04301fd50cd5862ecd705ba226c0e (patch)
tree	519d2054947782c51b6d9226791fa3c54f082f4d /plugins/zsh-navigation-tools/.config/znt
parent	1448d234d6d9c25f64a48b16379b34db28a36898 (diff)
download	zsh-6cb41b70a6d04301fd50cd5862ecd705ba226c0e.tar.gz zsh-6cb41b70a6d04301fd50cd5862ecd705ba226c0e.tar.bz2 zsh-6cb41b70a6d04301fd50cd5862ecd705ba226c0e.zip

fix(lib): fix `omz_urldecode` unsafe eval bug

The `omz_urldecode` function uses an eval to decode the input which can be exploited to inject commands. This is used only in the svn plugin and it requires a complex process to exploit, so it is highly unlikely to have been used by an attacker.

Diffstat (limited to 'plugins/zsh-navigation-tools/.config/znt')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: