PT-2023-22999 · Mutagen+1

Xenoscopic · Published 2023-05-05 · Updated 2024-08-20 · CVE-2023-30844

CVSS v3.1: 3.0 (Low)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Mutagen versions prior to 0.16.6
Mutagen versions prior to 0.17.1
mutagen-compose versions prior to 0.17.1

Description

The issue affects Mutagen's list and monitor commands, which are susceptible to control characters supplied by remote endpoints. When such characters appear in error messages or in file paths/names, they are written to the terminal unescaped and can corrupt it. The issue could be used as an attack vector when synchronizing with untrusted remote endpoints or forwarding to/from them. On older systems with vulnerable terminals, it could theoretically lead to code execution.

Recommendations

For Mutagen versions prior to 0.16.6, update to version 0.16.6 or later to resolve the issue. For Mutagen versions prior to 0.17.1, update to version 0.17.1 or later to resolve the issue. For mutagen-compose versions prior to 0.17.1, update to version 0.17.1 or later to resolve the issue. As a temporary workaround, avoid synchronizing untrusted files or interacting with untrusted remote endpoints to mitigate the risk.
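As an added illustration, not Mutagen's own code, of the class of fix this finding calls for: a CLI should treat remote-supplied paths and error messages as untrusted and escape every control character before writing them to the terminal. The function names and the sample path below are constructed for this example.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// hasTerminalControl reports whether s contains any character a terminal
// might interpret rather than display: the C0 range (0x00-0x1F, including
// ESC), DEL (0x7F) and the C1 range (U+0080-U+009F, including a raw CSI).
func hasTerminalControl(s string) bool {
	for _, r := range s {
		if unicode.IsControl(r) {
			return true
		}
	}
	return false
}

// sanitizeForTerminal returns s with every control character replaced by a
// visible escape (\x1b, \u009b, ...) so printing it cannot move the cursor,
// recolour output or otherwise corrupt the terminal. Malformed UTF-8 bytes
// are escaped one by one instead of being collapsed to U+FFFD.
func sanitizeForTerminal(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		switch {
		case r == utf8.RuneError && size == 1: // invalid byte
			fmt.Fprintf(&b, "\\x%02x", s[i])
		case r < 0x80 && unicode.IsControl(r): // C0 or DEL
			fmt.Fprintf(&b, "\\x%02x", r)
		case unicode.IsControl(r): // C1 controls
			fmt.Fprintf(&b, "\\u%04x", r)
		default:
			b.WriteRune(r)
		}
		i += size
	}
	return b.String()
}

func main() {
	// Constructed sample: a file name carrying ESC [ 2J (clear screen) and a C1 CSI.
	path := "docs/\x1b[2Jnotes\u009b31m.md"
	fmt.Println(hasTerminalControl(path))  // true
	fmt.Println(sanitizeForTerminal(path)) // docs/\x1b[2Jnotes\u009b31m.md
}
```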

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

CVE-2023-30844
GHSA-JMP2-WC4P-WFH2
GO-2023-1764

Affected Products

Mutagen
Mutagen-Compose