SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.
References
Link | Resource |
---|---|
https://github.com/migueldeicaza/SwiftTerm/commit/a94e6b24d24ce9680ad79884992e1dff8e150a31 | Patch Third Party Advisory |
https://github.com/migueldeicaza/SwiftTerm/security/advisories/GHSA-jq43-q8mx-r7mq | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2022-12-02T22:53:45.174Z
Updated:
Reserved: 2022-01-19T21:23:53.755Z
Link: CVE-2022-23465
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-12-02T23:15:16.617
Modified: 2023-07-14T19:10:22.170
Link: CVE-2022-23465
JSON object: View
Redhat Information
No data.
CWE