CVE-2024-38396 PoC — iTerm2 Security Vulnerability

Source
Associated Vulnerability
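Title: iTerm2 Security Vulnerability (CVE-2024-38396)
Description: iTerm2 is a terminal emulator written for Mac OS X. iTerm2 3.5.x versions before 3.5.2 contain a security vulnerability that stems from the unfiltered use of an escape sequence to report the window title, which allows an attacker to inject arbitrary code into the terminal.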
Description
PoC for iTerm2 CVEs CVE-2024-38396 and CVE-2024-38395 which allow code execution
Readme
# CVE-2024-38396 and CVE-2024-38395

This PoC can be used either via `docker run` or simply `cat`. This repository contains the Dockerfile for `vin01/escape-seq-test:cve-2024-38396`. The PoC simply opens a calculator on OS X.

How to run:

Example 1. `cat simpler-poc-title-report-code-execution.txt`

Example 2. `docker run --rm vin01/escape-seq-test:cve-2024-38396`
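
Because both run methods deliver the trigger as plain terminal output, untrusted files and container output can be checked before they reach a vulnerable iTerm2. The following is an added example, not code from the PoC repository: it flags title-set and title-report sequences and renders control bytes visibly, like `cat -v`. It assumes the relevant sequences are the xterm-documented OSC 0/2 (set title) and CSI 20/21 t (report title), which the page does not spell out; the function names and the sample bytes are constructed for illustration.

```python
import re

# xterm-documented sequences, 7-bit forms only (assumption: these are the
# ones relevant to the title-report issue; the page does not list them).
#   ESC ] 0 ; text BEL|ST   /  ESC ] 2 ; text BEL|ST   -> set window title
#   ESC [ 20 t  /  ESC [ 21 t                          -> report label/title
SET_TITLE = re.compile(rb"\x1b\][02];(.*?)(?:\x07|\x1b\\)", re.S)
REPORT_TITLE = re.compile(rb"\x1b\[2[01](?:;[0-9;]*)?t")


def scan(data: bytes) -> list[tuple[int, str, bytes]]:
    """Return (offset, kind, detail) for every title set/report sequence."""
    hits = [(m.start(), "set-title", m.group(1)) for m in SET_TITLE.finditer(data)]
    hits += [(m.start(), "report-title", m.group(0)) for m in REPORT_TITLE.finditer(data)]
    return sorted(hits)


def is_title_echo_pattern(data: bytes) -> bool:
    """True when a title is set and a report is requested afterwards.

    A report makes the terminal write the title back as if it were typed,
    so the pair is the pattern worth blocking or alerting on.
    """
    kinds = [kind for _, kind, _ in scan(data)]
    if "set-title" not in kinds:
        return False
    return "report-title" in kinds[kinds.index("set-title"):]


def neutralize(data: bytes) -> bytes:
    """Render C0 controls (except newline and tab) in caret notation."""
    out = bytearray()
    for b in data:
        if b < 0x20 and b not in (0x09, 0x0A):
            out += b"^" + bytes([b + 0x40])
        elif b == 0x7F:
            out += b"^?"
        else:
            out.append(b)
    return bytes(out)


# Constructed sample with a harmless title; not the contents of the PoC file.
SAMPLE = b"hello\n\x1b]0;demo-title\x07\x1b[21tworld\n"

if __name__ == "__main__":
    for offset, kind, detail in scan(SAMPLE):
        print(f"offset {offset}: {kind} {detail!r}")
    print("title echo pattern:", is_title_echo_pattern(SAMPLE))
    print(neutralize(SAMPLE).decode())
```

The durable fix is upgrading to iTerm2 3.5.2 or later, the first release outside the affected range given in the description.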
File Snapshot

[4.0K] /data/pocs/db1486a3322f7c657348b10707885f1790a56a0f
├── [  89] Dockerfile
├── [ 371] README.md
└── [  59] simpler-poc-title-report-code-execution.txt

0 directories, 3 files