Minchinweb

**Name of the Vulnerable Software and Affected Versions** topydo (affected versions not specified) **Description** The issue is related to improper input validation in the `ListFormatParser::parse` function, located in the `topydo/lib/ListFormat.py` file. This can lead to the injection of arbitrary bytes to the terminal, including terminal escape code sequences. The attack appears to be exploitable if the victim opens a todo.txt file with at least one specially crafted line. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.