Описание
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-38395
- https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219
- https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2
- https://iterm2.com/downloads.html
- https://www.openwall.com/lists/oss-security/2024/06/15/1
- http://www.openwall.com/lists/oss-security/2024/06/17/1
Связанные уязвимости
CVSS3: 9.8
nvd
больше 1 года назад
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."