{"id":"CVE-2021-3769","details":"# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme.","modified":"2026-03-14T11:03:51.505736Z","published":"2021-11-30T10:15:09Z","references":[{"type":"FIX","url":"https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/ohmyzsh/ohmyzsh","events":[{"introduced":"0"},{"fixed":"b3ba9978"}]},{"type":"GIT","repo":"https://github.com/ohmyzsh/ohmyzsh","events":[{"introduced":"0"},{"fixed":"b3ba9978"}]}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"2021-11-11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3769.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}