cvedb.io
CVE-2021-3725
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2021-11-30T10:15:08.670 · Last modified 2026-06-17T04:05:38.660

Summary

Vulnerability in dirhistory plugin Description: the widgets that go back and forward in the directory history, triggered by pressing Alt-Left and Alt-Right, use functions that unsafely execute eval on directory names. If you cd into a directory with a carefully-crafted name, then press Alt-Left, the system is subject to command injection. Impacted areas: - Functions pop_past and pop_future in dirhistory plugin.

Affected products

planetargon — oh_my_zsh

Does this affect you?

Add your gear to cvedb and we'll alert you only when planetargon ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.