PT-2019-2577 · Xterm.Js · Xterm.Js

Published: 2019-01-09 · Updated: 2022-10-27 · CVE-2019-0542

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

xterm.js (affected versions not specified)

Description

A remote code execution issue exists due to the mishandling of special characters by the xterm.js component. This can allow a remote attacker to execute arbitrary code. The vulnerability is related to the lack of input data sanitization. It was also discovered that this issue could be exploited in the AWS CloudShell service, potentially leading to remote code execution on EC2 servers accessed through the CloudShell console. The successful exploitation of this vulnerability could provide an attacker with a powerful entry point into the AWS infrastructure, including managed Kubernetes services like EKS and ESC.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-02452
CVE-2019-0542
GHSA-MC23-976P-J42X
RHSA-2019:1422
RHSA-2019:2551
RHSA-2019:2552

Affected Products

Xterm.Js