Описание
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
Ссылки
- Mailing List
- Patch
- Product
- Exploit
- Mailing List
- Patch
- Product
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия от 3.5.0 (включая) до 3.5.2 (исключая)
cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10304
Средний
9.8 Critical
CVSS3
Дефекты
CWE-94
Связанные уязвимости
CVSS3: 9.8
github
больше 1 года назад
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
EPSS
Процентиль: 93%
0.10304
Средний
9.8 Critical
CVSS3
Дефекты
CWE-94