Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations
Vulnerability Description
Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 (Ctrl+C) in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop malicious text. The attack requires user interaction to be triggered, but the dangerous characters are invisible in most GUI environments so it isn't trivially detected, especially if the string contents are complex. Fixed in Ghostty v1.3.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Ghostty 操作系统命令注入漏洞
Vulnerability Description
Ghostty是Ghostty开源的一个快速、原生、功能丰富的终端仿真器。 Ghostty v1.3.0之前版本存在操作系统命令注入漏洞,该漏洞源于允许在粘贴和拖放的文本中包含控制字符,可能导致执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A