CVE-2019-9535
09.10.2019, 20:15
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.
| Vendor | Product | Version |
|---|---|---|
| iterm2 | iterm2 | 𝑥 ≤ 3.3.5 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted DataThe software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.
- CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
References