CVE-2023-39342

Name of the Vulnerable Software and Affected Versions Dangerzone versions prior to 0.4.2

Description The issue affects the Dangerzone CLI, where output from the container is logged to the user's terminal. If the container is compromised, an attacker may spoof messages in the terminal or change the window title by returning attacker-controlled strings. Additionally, if sanitized files contain ANSI escape sequences, the same issue applies. This issue predominantly affects CLI users, as Dangerzone is mainly a GUI application.

Recommendations For versions prior to 0.4.2, update to version 0.4.2 to resolve the issue. As a temporary workaround, consider avoiding the use of the dangerzone-cli command until the update is applied. Restrict the use of files that may contain ANSI escape sequences to minimize the risk of exploitation.