CVE-2021-3725

Name of the Vulnerable Software and Affected Versions dirhistory plugin (affected versions not specified)

Description The issue concerns the widgets for navigating directory history, triggered by pressing Alt-Left and Alt-Right. These widgets use functions that unsafely execute eval on directory names, making the system susceptible to command injection if a directory with a carefully crafted name is accessed and then the Alt-Left key is pressed. The impacted areas include the pop past and pop future functions in the dirhistory plugin.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.