CVE-2023-46322

EPSS 0.7%CWE-117

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01 https://iterm2.com/downloads.html