14 lines
949 B
JSON
14 lines
949 B
JSON
{
|
|
"id": "openEuler-SA-2022-2094",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2022-2094",
|
|
"title": "An update for zsh is now available for openEuler-22.03-LTS",
|
|
"severity": "High",
|
|
"description": "The zsh is a shell designed for interactive use, and it is also a powerful scripting language. Many of the useful features of bash, ksh, and tcsh were incorporated into zsh. It can match files by file extension without running an external program, share command history with any shell, and more.\r\n\r\nSecurity Fix(es):\r\n\r\nIn zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.(CVE-2021-45444)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2021-45444",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45444",
|
|
"severity": "High"
|
|
}
|
|
]
|
|
} |