Homepage
About Snyk

Arbitrary Command Execution Affecting github.com/migueldeicaza/SwiftTerm package, versions *

Severity

 Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.06% (28th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-SWIFT-MIGUELDEICAZASWIFTTERM-3153504
  • published 4 Dec 2022
  • disclosed 4 Dec 2022
  • credit David Leadbeater
Report a new vulnerability Found a mistake?

Introduced: 4 Dec 2022

CVE-2022-23465 Open this link in a new tab
CWE-77 Open this link in a new tab

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to Arbitrary Command Execution. An attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

References

CVSS Scores

version 3.1
Expand this section

Snyk

Recommended
7.1 high
  • Attack Vector (AV)
    Local
  • Attack Complexity (AC)
    Low
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Changed
  • Confidentiality (C)
    High
  • Integrity (I)
    Low
  • Availability (A)
    None
Expand this section

NVD

7.8 high