22 matches found

RedhatCVE
added 2026/03/26 7:27 p.m., 3 views

CVE-2026-3108

A flaw was found in Mattermost. This vulnerability in the mmctl command-line interface allows attackers to manipulate administrator terminals. By sending specially crafted messages containing ANSI and Operating System Command (OSC) escape sequences, an attacker can enable screen manipulation, displ...

CVSS 8, AI score 5.8, EPSS 0.00268
Exploits 0, References 2

Github Security Blog
added 2026/03/26 6:31 p.m., 7 views

Mattermost allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8.8, AI score 5.9, EPSS 0.00268
Exploits 0, References 3, Affected Software 1

NVD
added 2026/03/26 5:16 p.m., 3 views

CVE-2026-3108

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8.8, EPSS 0.00268
Exploits 0, References 1

ATTACKERKB
added 2026/03/26 4:16 p.m., 2 views

CVE-2026-3108

Mattermost versions 11.2.x = 11.2.2, 10.11.x = 10.11.10, 11.4.x = 11.4.0, 11.3.x = 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...

CVSS 8, AI score 5.8, EPSS 0.00268
Exploits 0, References 2, Affected Software 1

CNNVD
added 2026/03/26 12:0 a.m., 6 views

Mattermost security vulnerability

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost, which stems from the failure to clean up post content controlled by users. This vulnerability could allow attackers to manipulate administrator...

CVSS 8.8, AI score 5.8, EPSS 0.00268
Exploits 0, References 1

Tenable Nessus
added 2025/09/15 12:0 a.m., 8 views

Amazon Linux 2023 : cargo-c (ALAS2023-2025-1180)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1180 advisory. tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence...

CVSS 2.3, AI score 5.5, EPSS 0.00303
Exploits 0, References 4

OSV
added 2025/08/29 10:15 p.m., 4 views

AZL-73211 CVE-2025-58160 affecting package kata-containers 3.19.1.kata2-6

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 6, EPSS 0.00303
Exploits 0, References 1

OSV
added 2025/08/29 10:15 p.m., 2 views

AZL-73244 CVE-2025-58160 affecting package rpm-ostree for versions less than 2022.1-8

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 6, EPSS 0.00303
Exploits 0, References 1

OSV
added 2025/08/29 10:15 p.m., 3 views

AZL-73217 CVE-2025-58160 affecting package rpm-ostree 2024.4-6

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 6, EPSS 0.00303
Exploits 0, References 1

OSV
added 2025/08/29 10:15 p.m., 2 views

AZL-78618 CVE-2025-58160 affecting package trident 0.21.0-1

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 6, EPSS 0.00303
Exploits 0, References 1

OSV
added 2025/08/29 10:15 p.m., 2 views

DEBIAN-CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 5.3, EPSS 0.00303
Exploits 0, References 1

NVD
added 2025/08/29 10:15 p.m., 2 views

CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, EPSS 0.00303
Exploits 0, References 1

OSV
added 2025/08/29 10:15 p.m., 1 view

UBUNTU-CVE-2025-58160

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 6, EPSS 0.00303
Exploits 0, References 4

CVE
added 2025/08/29 9:28 p.m., 78 views

CVE-2025-58160

CVE-2025-58160 affects Rust tracing-subscriber prior to 0.3.20. Untrusted input with ANSI escape sequences could be injected into terminal output, potentially allowing manipulation of terminal title bars, screen clearing, or display changes. The vulnerability is fixed in 0.3.20 by escaping ANSI c...

CVSS 2.3, AI score 6.5, EPSS 0.00303
Exploits 0, References 1

Vulnrichment
added 2025/08/29 9:28 p.m., 3 views

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences

tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into...

CVSS 2.3, AI score 6.2, EPSS 0.00303
Exploits 0, References 1

Github Security Blog
added 2025/08/29 8:33 p.m., 6 views

Tracing logging user input may result in poisoning logs with ANSI escape sequences

Impact Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens o...

CVSS 2.3, AI score 7.5, EPSS 0.00303
Exploits 0, References 4, Affected Software 1

RustSec
added 2025/08/29 12:0 p.m., 5 views

Logging user input may result in poisoning logs with ANSI escape sequences

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens or modif...

CVSS 2.3, AI score 7.6, EPSS 0.00303
Exploits 0, Affected Software 1

OSV
added 2025/08/29 12:0 p.m., 5 views

RUSTSEC-2025-0055 Logging user input may result in poisoning logs with ANSI escape sequences

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens or modif...

CVSS 2.3, AI score 5.8, EPSS 0.00303
Exploits 0, References 3

RedhatCVE
added 2025/05/23 5:52 a.m., 3 views

CVE-2023-22499

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Multi-threaded programs were able to spoof interactive permission prompt by rewriting the prompt to suggest that program is waiting on user confirmation to unrelated action. A malicious program could clear the...

CVSS 7.5, AI score 6.7, EPSS 0.00601
Exploits 1, References 1

OSV
added 2024/08/22 12:0 p.m., 11 views

RUSTSEC-2024-0364 gitoxide-core does not neutralize special characters for terminals

Summary The gix and ein commands write pathnames and other metadata literally to terminals, even if they contain characters terminals treat specially, including ANSI escape sequences. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages...

CVSS 2.5, AI score 4.8, EPSS 0.00198
Exploits 0, References 6