Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SwiftTerm vulnerable to arbitrary command execution
Vulnerability Description
SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
SwiftTerm 安全漏洞
Vulnerability Description
SwiftTerm是Miguel de Icaza个人开发者的一个用于 Swift 应用程序的 VT100/Xterm 终端仿真器库。 SwiftTerm存在安全漏洞,该漏洞源于攻击者可以通过特定的字符转义序列修改窗口标题,然后将其插入回用户终端的命令行,这可能允许攻击者执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A