Marc Cornellà b3ba9978cc fix(themes): fix potential command injection in pygmalion, pygmalion-virtualenv and refined ...

The pygmalion and pygmalion-virtualenv themes unsafely handle git prompt information
which results in a double evaluation of this information, so a malicious git repository
could trigger a command injection if the user cloned and entered the repository.

A similar method could be used in the refined theme. All themes have been patched against this
vulnerability.

2021-11-11 22:45:40 +01:00

1.8 KiB

Raw Blame History

View Raw