Lucene search
HistoryOct 23, 2023 - 12:15 a.m.
CVE-2023-46321
iterm2
cve-2023-46321
security vulnerability
shell metacharacters
nvd
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.3%
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
Affected configurations
Node
iterm2iterm2Range≤3.4.21
ORiterm2iterm2Match3.5.0beta1
ORiterm2iterm2Match3.5.0beta10
ORiterm2iterm2Match3.5.0beta2
ORiterm2iterm2Match3.5.0beta3
ORiterm2iterm2Match3.5.0beta4
ORiterm2iterm2Match3.5.0beta5
ORiterm2iterm2Match3.5.0beta6
ORiterm2iterm2Match3.5.0beta7
ORiterm2iterm2Match3.5.0beta8
ORiterm2iterm2Match3.5.0beta9
| CPE | Name | Operator | Version |
|---|---|---|---|
| iterm2:iterm2 | iterm2 | le | 3.4.21 |
| iterm2:iterm2 | iterm2 | eq | 3.5.0 |
Related
osv
osv
CVE-2023-46321
2023-10-23 00:15:08
nvd
nvd
CVE-2023-46321
2023-10-23 00:15:08
prion
prion
Command injection
2023-10-23 00:15:00
cvelist
cvelist
CVE-2023-46321
2023-10-22 00:00:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.3%
Related for CVE-2023-46321