Skip to content

O
oh-my-zsh
Switch branch/tag
  1. 03 Jan, 2022 2 commits
  3. 21 Dec, 2021 1 commit
  5. 16 Dec, 2021 1 commit
  7. 13 Dec, 2021 2 commits
  9. 30 Nov, 2021 1 commit
  11. 25 Nov, 2021 1 commit
  13. 11 Nov, 2021 2 commits
    • Marc Cornellà's avatar
      fix(lib): fix potential command injection in `title` and `spectrum` functions · a263cdac
      Marc Cornellà authored 
      The `title` function unsafely prints its input without sanitization, which if used
with custom user code that calls it, it could trigger command injection.

The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is
changed in the user's shell environment with a carefully crafted value. This is
highly unlikely to occur (and if possible, other methods would be used instead),
but with this change the exploit of these two functions is now impossible.
      a263cdac
    • Marc Cornellà's avatar
      fix(lib): fix `omz_urldecode` unsafe eval bug · 6cb41b70
      Marc Cornellà authored 
      The `omz_urldecode` function uses an eval to decode the input which can be
exploited to inject commands. This is used only in the svn plugin and it
requires a complex process to exploit, so it is highly unlikely to have been
used by an attacker.
      6cb41b70
  15. 10 Nov, 2021 1 commit
  17. 09 Nov, 2021 2 commits
  19. 02 Nov, 2021 1 commit
  21. 25 Oct, 2021 1 commit
  23. 10 Oct, 2021 1 commit
  25. 09 Oct, 2021 1 commit
  27. 05 Oct, 2021 1 commit
  29. 04 Oct, 2021 1 commit
  31. 30 Sep, 2021 2 commits
  33. 29 Sep, 2021 2 commits
  35. 22 Sep, 2021 1 commit
  37. 18 Aug, 2021 2 commits
  39. 17 Aug, 2021 5 commits
  41. 13 Aug, 2021 1 commit
  43. 10 Aug, 2021 2 commits
  45. 17 Jun, 2021 1 commit
  47. 13 Jun, 2021 1 commit
  49. 12 Jun, 2021 1 commit
  51. 25 Mar, 2021 1 commit
  53. 08 Mar, 2021 1 commit
  55. 01 Mar, 2021 1 commit