CVE-2019-9535— iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution

iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content.

N/A

在可信数据中接受外来的不可信数据

iTerm2 注入漏洞

iTerm2是一款为Mac OS X编写的终端仿真程序。 iTerm2 3.3.5及之前版本中的tmux集成功能存在注入漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。

N/A

N/A