Browse all 3 CVE security advisories affecting zsh. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Zsh serves as an interactive shell and scripting language, primarily used for command-line automation and user interface customization. Historically, vulnerabilities have included remote code execution through specially crafted completion scripts and privilege escalation via path manipulation in history files. While not a major incident magnet, zsh has faced issues like command injection in completion systems and insecure temporary file handling. With three current CVEs, security risks remain moderate, often stemming from input validation flaws in interactive features. The shell's extensive customization options occasionally introduce attack surfaces, though its codebase benefits from regular security audits compared to some larger alternatives.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2018-1100 | zsh 缓冲区错误漏洞 — zshCWE-120 | 7.8 | - | 2018-04-11 |
| CVE-2018-1083 | Zsh 安全漏洞 — zshCWE-120 | 7.8 | - | 2018-03-28 |
| CVE-2018-1071 | zsh 缓冲区错误漏洞 — zshCWE-121 | 5.5 | - | 2018-03-09 |
This page lists every published CVE security advisory associated with zsh. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.