Advisory #63

| Field | Value |
| --- | --- |
| Title | Zsh recursive command expansion vulnerability |
| CVE ID | CVE-2021-45444 |
| Vendor | Zsh |
| Affected product | Zsh |
| Affected versions | <= 5.8 |
| Vulnerability type | CWE-167 (Improper Handling of Additional Special Element) |
| Description | In Zsh 5.8 and earlier, command output embedded in the prompt undergoes recursive PROMPT_SUBST expansion, which allows malicious command output to execute arbitrary commands. |
| Status | Fixed in 5.8.1 |
| Recommendation | Update to 5.8.1 or above. |
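
To audit hosts against the "Affected versions" and "Status" rows, the script below classifies a Zsh version string as affected or fixed. It is an added example, not part of the original advisory; the function names and sample strings are constructed, and treating every version below 5.8.1 (including pre-release builds) as affected is an assumption.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Zsh version against
# the fixed release named in the advisory table (CVE-2021-45444).
FIXED_VERSION="5.8.1"

# Pull the dotted numeric version out of a bare version ("5.8") or a
# `zsh --version` style line ("zsh 5.8 (x86_64-pc-linux-gnu)").
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*$/\1/p' |
        head -n 1
}

# Return 0 when version $1 is strictly lower than version $2.
# Components are compared numerically; missing components count as 0,
# so "5.8" is lower than "5.8.1" and "5.10" is higher than "5.8.1".
version_lt() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print "affected", "fixed", or "unknown" for a version string.
# Assumption: anything below 5.8.1 is reported as affected.
zsh_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_lt "$v" "$FIXED_VERSION"; then echo "affected"; else echo "fixed"; fi
}

# Constructed sample inputs. On a real host, pass "$(zsh --version)"
# or the value of $ZSH_VERSION instead.
for sample in "zsh 5.8 (x86_64-pc-linux-gnu)" "zsh 5.8.1 (x86_64-pc-linux-gnu)" "5.0.8" "zsh 5.9 (aarch64)"; do
    printf '%-36s %s\n' "$sample" "$(zsh_status "$sample")"
done
```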