CVE-2024-38396 PoC — iTerm2 Security Vulnerability

Associated Vulnerability
Title: iTerm2 security vulnerability (CVE-2024-38396)
Description: An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than CVE-2024-38395.
Description
PoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution
Readme
# CVE-2024-38396 and CVE-2024-38395

This PoC can be used either via `docker run` or simply `cat`. This repository contains the Dockerfile for `vin01/escape-seq-test:cve-2024-38396`. The PoC simply opens a calculator on OS X.

How to run:

Example 1. `cat simpler-poc-title-report-code-execution.txt`

Example 2. `docker run --rm vin01/escape-seq-test:cve-2024-38396`
File Snapshot

[4.0K] /data/pocs/db1486a3322f7c657348b10707885f1790a56a0f
├── [  89] Dockerfile
├── [ 371] README.md
└── [  59] simpler-poc-title-report-code-execution.txt

0 directories, 3 files