iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.
References
| Link | Resource |
|---|---|
| https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01 | Third Party Advisory |
| https://iterm2.com/downloads.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Nov 2023, 16:45
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
| First Time |
Iterm2
Iterm2 iterm2 |
|
| References | (MISC) https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01 - Third Party Advisory | |
| References | (MISC) https://iterm2.com/downloads.html - Vendor Advisory | |
| CPE | cpe:2.3:a:iterm2:iterm2:*:*:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta2:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta9:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta6:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta10:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta1:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta8:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta4:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta3:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta5:*:*:*:*:*:* cpe:2.3:a:iterm2:iterm2:3.5.0:beta7:*:*:*:*:*:* |
23 Oct 2023, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-23 00:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-46322
Mitre link : CVE-2023-46322
CVE.ORG link : CVE-2023-46322
JSON object : View
Products Affected
iterm2
- iterm2
CWE