{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T22:28:07.634","vulnerabilities":[{"cve":{"id":"CVE-2021-3726","sourceIdentifier":"security@huntr.dev","published":"2021-11-30T10:15:08.883","lastModified":"2024-11-21T06:22:15.633","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"# Vulnerability in `title` function **Description**: the `title` function defined in `lib/termsupport.zsh` uses `print` to set the terminal title to a user-supplied string. In Oh My Zsh, this function is always used securely, but custom user code could use the `title` function in a way that is unsafe. **Fixed in**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Impacted areas**: - `title` function in `lib/termsupport.zsh`. - Custom user code using the `title` function."},{"lang":"es","value":"# Vulnerabilidad en la función \"title\" **Descripción**: la función \"title\" definida en \"lib/termsupport.zsh\" usa \"print\" para establecer el título de la terminal a una cadena proporcionada por el usuario. En Oh My Zsh, esta función es siempre usada de forma segura, pero el código de usuario personalizado podría usar la función \"title\" de forma no segura. **Corregido en**: [a263cdac](https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac). **Áreas afectadas**: - Función \"title\" en \"lib/termsupport.zsh\". - Código de usuario personalizado usando la función \"title\""}],"metrics":{"cvssMetricV31":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:planetargon:oh_my_zsh:*:*:*:*:*:*:*:*","versionEndExcluding":"2021-11-11","matchCriteriaId":"80FD5E81-3E73-4921-925C-E55098EAE4B1"}]}]}],"references":[{"url":"https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac","source":"security@huntr.dev","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ohmyzsh/ohmyzsh/commit/a263cdac","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}