PT-2021-21809 · Unknown · Refined Theme+2

Published: 2021-11-30 · Updated: 2021-12-01 · CVE-2021-3769

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

pygmalion theme (affected versions not specified)
pygmalion-virtualenv theme (affected versions not specified)
refined theme (affected versions not specified)

Description

The vulnerability exists in the pygmalion, pygmalion-virtualenv, and refined themes. These themes use print -P on user-supplied strings to print them to the terminal, specifically on git information such as the branch name. If the branch has a specially crafted name, the vulnerability can be exploited.

Recommendations

For the pygmalion, pygmalion-virtualenv, and refined themes, consider disabling the use of print -P on user-supplied strings until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
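
One way to find the pattern the recommendation targets, as an added example (not code from this advisory or from the theme authors): a Python scan that flags print -P calls whose arguments contain a parameter expansion or command substitution. The function name find_risky_print_p and the sample theme text are constructed for illustration.

```python
import re

# A zsh `print` call whose option cluster includes -P (prompt expansion),
# capturing the arguments that follow the options.
PRINT_P = re.compile(r'\bprint\s+(?:-\w+\s+)*-\w*P\w*\s+(?P<args>.*)')
# Parameter expansion ($var, ${var}) or command substitution ($(...), `...`).
DYNAMIC = re.compile(r'\$[\w{(]|`')

# Constructed sample input, not taken from any real theme.
SAMPLE_THEME = '''\
# constructed sample theme fragment
prompt_git() {
  local branch="$(git symbolic-ref --short HEAD 2>/dev/null)"
  print -P "%F{green}${branch}%f"
  print -n -P "%F{blue}static%f"
  print -r -- "$branch"
  # print -P "$commented_out"
}
'''

def find_risky_print_p(theme_text):
    """Return (line_number, stripped_line) for each print -P call that
    expands dynamic data. Heuristic: it flags any expansion, not only
    git-derived values, so every hit needs a manual look."""
    findings = []
    for lineno, line in enumerate(theme_text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith('#'):
            continue  # skip whole-line comments
        match = PRINT_P.search(stripped)
        if match and DYNAMIC.search(match.group('args')):
            findings.append((lineno, stripped))
    return findings

if __name__ == '__main__':
    for lineno, text in find_risky_print_p(SAMPLE_THEME):
        print(f'line {lineno}: {text}')
```

Run it over each installed .zsh-theme file; a hit marks a line to review, not a confirmed flaw.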

Weakness Enumeration

OS Command Injection

Related Identifiers

CVE-2021-3769

Affected Products

Pygmalion Theme
Pygmalion-Virtualenv Theme
Refined Theme