PT-2023-29959 · Iterm2 · Iterm2

Published: 2023-10-22 · Updated: 2024-09-11 · CVE-2023-46322

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.5.0beta12
Description: The issue lies in the iTermSessionLauncher.m component of iTerm2, which does not properly sanitize ssh hostnames in URLs: it accepts hostnames that begin with a non-alphanumeric character or that contain characters outside the set of alphanumeric characters, dash, and period.
Recommendations: For versions prior to 3.5.0beta12, update to version 3.5.0beta12 or later to resolve the issue. As a temporary workaround, consider restricting the use of ssh hostnames with non-standard characters until the update is applied.
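As an added illustration (not iTerm2's own code, which is Objective-C), the following Python shows the allowlist the description implies: the first character must be alphanumeric and every character must be alphanumeric, a dash or a period. The function names and the sample URLs are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Allowlist taken from the advisory text: an initial alphanumeric character,
# then only alphanumerics, dash and period. Note that as stated it also
# excludes IPv6 literals (colons) and underscores.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def is_safe_ssh_hostname(host: str) -> bool:
    """True only if host matches the advisory's allowed character set."""
    return bool(host) and HOSTNAME_RE.fullmatch(host) is not None


def extract_ssh_target_unchecked(url: str):
    """The unsafe pattern: whatever the URL's host part is gets handed on
    unchanged, so a host beginning with '-' or containing stray characters
    reaches the ssh invocation."""
    parts = urlsplit(url)
    return (parts.username, parts.hostname, parts.port)


def extract_ssh_target(url: str):
    """Hardened variant: return (user, host, port) only when the scheme is
    ssh and the hostname passes the allowlist; otherwise return None so the
    caller refuses to launch a session."""
    try:
        parts = urlsplit(url)
        host = parts.hostname      # lowercased by urlsplit
        port = parts.port          # raises ValueError on a bad port
    except ValueError:
        return None
    if parts.scheme != "ssh" or host is None:
        return None
    if not is_safe_ssh_hostname(host):
        return None
    return (parts.username, host, port)


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed target, two that the
    # allowlist rejects (leading dash, underscore) and a non-ssh scheme.
    for sample in ("ssh://alice@example.com:2222/",
                   "ssh://-example.com/",
                   "ssh://exa_mple.com/",
                   "https://example.com/"):
        print(sample, "->", extract_ssh_target_unchecked(sample),
              "| checked:", extract_ssh_target(sample))
```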

Fix

Weakness Enumeration

Related Identifiers: CVE-2023-46322

Affected Products: Iterm2