{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T15:18:08.291","vulnerabilities":[{"cve":{"id":"CVE-2021-3727","sourceIdentifier":"security@huntr.dev","published":"2021-11-30T10:15:08.940","lastModified":"2024-11-21T06:22:15.777","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"# Vulnerability in `rand-quote` and `hitokoto` plugins **Description**: the `rand-quote` and `hitokoto` fetch quotes from quotationspage.com and hitokoto.cn respectively, do some process on them and then use `print -P` to print them. If these quotes contained the proper symbols, they could trigger command injection. Given that they're an external API, it's not possible to know if the quotes are safe to use. **Fixed in**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Impacted areas**: - `rand-quote` plugin (`quote` function). - `hitokoto` plugin (`hitokoto` function)."},{"lang":"es","value":"# Vulnerabilidad en los plugins \"rand-quote\" y \"hitokoto\" **Descripción**: los plugins \"rand-quote\" y \"hitokoto\" obtienen las citas de quotationspage.com y hitokoto.cn respectivamente, realizan algún proceso sobre ellas y luego usan \"print -P\" para imprimirlas. Si estas cotizaciones contienen los símbolos apropiados, podrían desencadenar una inyección de comandos. Dado que se trata de una API externa, no es posible saber si las comillas son seguras de usar. **Corregido en**: [72928432](https://github.com/ohmyzsh/ohmyzsh/commit/72928432). **Áreas afectadas**: - Plugin \"rand-quote\" (función \"quote\"). - Plugin \"hitokoto\" (función \"hitokoto\")"}],"metrics":{"cvssMetricV31":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:planetargon:oh_my_zsh:*:*:*:*:*:*:*:*","versionEndExcluding":"72928432","matchCriteriaId":"6F5DAA6D-AAD2-474D-881C-0DABE9C284CD"}]}]}],"references":[{"url":"https://github.com/ohmyzsh/ohmyzsh/commit/72928432","source":"security@huntr.dev","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ohmyzsh/ohmyzsh/commit/72928432","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}