2 matches found
CVE-2023-46322
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...
CVE-2023-46322
iTerm2 (macOS) before 3.5.0beta12 contains an issue in the iTermSessionLauncher.m component where SSH hostnames in URLs are not sanitized. The hostname’s first character may be non‑alphanumeric and other characters may fall outside the allowed alphanumeric, dash, and period set, enabling potentia...