<p>A fix was pushed into the <code>master</code> branch but not yet published.</p>

SwiftTerm package, versions *

Snyk CVSS

Attack Complexity Low

User Interaction Required

Scope Changed

Confidentiality High

Threat Intelligence

EPSS 0.06% (25^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-SWIFT-MIGUELDEICAZASWIFTTERM-3153504
published 4 Dec 2022
disclosed 4 Dec 2022
credit David Leadbeater

Report a new vulnerability Found a mistake?

Introduced: 4 Dec 2022

CVE-2022-23465 Open this link in a new tab CWE-77 Open this link in a new tab

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

References

GitHub Commit