-
Marc Cornellà authoredThe `title` function unsafely prints its input without sanitization, which if used with custom user code that calls it, it could trigger command injection. The `spectrum_ls` and `spectrum_bls` could similarly be exploited if a variable is changed in the user's shell environment with a carefully crafted value. This is highly unlikely to occur (and if possible, other methods would be used instead), but with this change the exploit of these two functions is now impossible.
| Name |
Last commit
|
Last update |
|---|---|---|
| .github | ||
| cache | ||
| custom | ||
| lib | ||
| log | ||
| plugins | ||
| templates | ||
| themes | ||
| tools | ||
| .editorconfig | ||
| .gitignore | ||
| .gitpod.Dockerfile | ||
| .gitpod.yml | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| LICENSE.txt | ||
| README.md | ||
| SECURITY.md | ||
| oh-my-zsh.sh |