3 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
9.2 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.1%
Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen
and prior to version 0.17.1 in mutagen-compose
, Mutagen list
and monitor
commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk.
[
{
"vendor": "mutagen-io",
"product": "mutagen",
"versions": [
{
"version": "github.com/mutagen-io/mutagen < 0.16.6",
"status": "affected"
},
{
"version": "github.com/mutagen-io/mutagen >= 0.17.0, < 0.17.1",
"status": "affected"
},
{
"version": "github.com/mutagen-io/mutagen-compose < 0.17.1",
"status": "affected"
}
]
}
]
3 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
9.2 High
AI Score
Confidence
High
0.007 Low
EPSS
Percentile
80.1%