{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T15:25:17.909","vulnerabilities":[{"cve":{"id":"CVE-2026-27113","sourceIdentifier":"security-advisories@github.com","published":"2026-02-20T22:16:29.503","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arbitrary command injection can lead to code execution when a user enters a directory in a Git repository containing a crafted branch name. Exploitation requires the LP_ENABLE_GITSTATUSD config option to be enabled (enabled by default), gitstatusd to be installed and started before Liquid Prompt is loaded (not the default), and shell prompt substitution to be active (enabled by default in Bash via \"shopt -s promptvars\", not enabled by default in Zsh). A branch name containing shell syntax such as \"$(...)\" or backtick expressions in the default branch or a checked-out branch will be evaluated by the shell when the prompt is rendered. No stable release is affected; only the master branch contains the vulnerable commit. Commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c contains a fix. As a workaround, set the LP_ENABLE_GITSTATUSD config option to 0."},{"lang":"es","value":"Liquid Prompt es un *prompt* adaptativo para Bash y Zsh. A partir del *commit* cf3441250bb5d8b45f6f8b389fcdf427a99ac28a y antes del *commit* a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c en la rama *master*, la inyección de comandos arbitraria puede llevar a la ejecución de código cuando un usuario entra en un directorio de un repositorio Git que contiene un nombre de rama manipulado. La explotación requiere que la opción de configuración LP_ENABLE_GITSTATUSD esté habilitada (habilitada por defecto), que *gitstatusd* esté instalado e iniciado antes de que se cargue Liquid Prompt (no es el valor por defecto), y que la sustitución del *prompt* de la *shell* esté activa (habilitada por defecto en Bash a través de 'shopt -s promptvars', no habilitada por defecto en Zsh). Un nombre de rama que contenga sintaxis de *shell* como '$(...)' o expresiones de *backtick* en la rama por defecto o en una rama extraída será evaluado por la *shell* cuando se renderice el *prompt*. Ninguna versión estable está afectada; solo la rama *master* contiene el *commit* vulnerable. El *commit* a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c contiene una corrección. Como solución alternativa, establezca la opción de configuración LP_ENABLE_GITSTATUSD en 0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.0,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"references":[{"url":"https://github.com/liquidprompt/liquidprompt/commit/a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c","source":"security-advisories@github.com"},{"url":"https://github.com/liquidprompt/liquidprompt/security/advisories/GHSA-q6hm-vf4f-47jf","source":"security-advisories@github.com"}]}}]}