In zsh prior to 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion.
Vulnerable Product |
---|
zsh zsh |
fedoraproject fedora 34 |
fedoraproject fedora 35 |
debian debian linux 9.0 |
debian debian linux 10.0 |
debian debian linux 11.0 |
apple mac os x |
apple mac os x 10.15.7 |
apple macos |