CVE-2023-46301

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
Configurations

Configuration 1 (hide)

cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*

History

31 Oct 2023, 17:08

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
First Time Iterm2 iterm2
Iterm2
CWE CWE-116
CPE cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:*
References (MISC) https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b - (MISC) https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b - Patch
References (MISC) https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - (MISC) https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce - Exploit, Third Party Advisory
References (MISC) https://iterm2.com/news.html - (MISC) https://iterm2.com/news.html - Release Notes
References (MISC) https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - (MISC) https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009 - Patch

22 Oct 2023, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-22 04:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-46301

Mitre link : CVE-2023-46301

CVE.ORG link : CVE-2023-46301


JSON object : View

Products Affected

iterm2

  • iterm2
CWE
CWE-116

Improper Encoding or Escaping of Output