CVE Vulnerabilities

CVE-2023-46321

Published: Oct 23, 2023 | Modified: Nov 01, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.

Affected Software

Name Vendor Start Version End Version
Iterm2 Iterm2 * 3.4.21 (including)
Iterm2 Iterm2 3.5.0-beta1 (including) 3.5.0-beta1 (including)
Iterm2 Iterm2 3.5.0-beta10 (including) 3.5.0-beta10 (including)
Iterm2 Iterm2 3.5.0-beta2 (including) 3.5.0-beta2 (including)
Iterm2 Iterm2 3.5.0-beta3 (including) 3.5.0-beta3 (including)
Iterm2 Iterm2 3.5.0-beta4 (including) 3.5.0-beta4 (including)
Iterm2 Iterm2 3.5.0-beta5 (including) 3.5.0-beta5 (including)
Iterm2 Iterm2 3.5.0-beta6 (including) 3.5.0-beta6 (including)
Iterm2 Iterm2 3.5.0-beta7 (including) 3.5.0-beta7 (including)
Iterm2 Iterm2 3.5.0-beta8 (including) 3.5.0-beta8 (including)
Iterm2 Iterm2 3.5.0-beta9 (including) 3.5.0-beta9 (including)

References