{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T19:29:49.472","vulnerabilities":[{"cve":{"id":"CVE-2021-3769","sourceIdentifier":"security@huntr.dev","published":"2021-11-30T10:15:09.000","lastModified":"2024-11-21T06:22:22.900","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme."},{"lang":"es","value":"# Vulnerabilidad en los temas \"pygmalion\", \"pygmalion-virtualenv\" y \"refined\" **Descripción**: estos temas usan \"print -P\" en las cadenas proporcionadas por el usuario para imprimirlas en la terminal. Todos ellos lo hacen sobre la información de git, particularmente el nombre de la rama, por lo que si la rama presenta un nombre especialmente diseñado la vulnerabilidad puede ser explotada. **Corregido en**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Áreas afectadas**: - Tema \"pygmalion\". - Tema \"pygmalion-virtualenv\". - Tema \"refined\""}],"metrics":{"cvssMetricV31":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:planetargon:oh_my_zsh:*:*:*:*:*:*:*:*","versionEndExcluding":"2021-11-11","matchCriteriaId":"80FD5E81-3E73-4921-925C-E55098EAE4B1"}]}]}],"references":[{"url":"https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978","source":"security@huntr.dev","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}