PT-2023-7566 · iTerm2 · iTerm2

Solid-Snail

·

Published

2023-10-21

·

Updated

2023-10-31

·

CVE-2023-46301

CVSS v3.1

9.8

Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (this vector computes to a base score of 9.8, not 10.0)
Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.4.20
Description: iTerm2 before 3.4.20 mishandles certain escape sequences related to upload, which can allow (potentially remote) code execution. The weakness is classified as improper encoding or escaping of output (CWE-116) in the terminal emulator. Because a terminal emulator acts on control sequences embedded in whatever it displays, an attacker only needs to get crafted bytes onto the victim's terminal (for example in the output of a remote session or in a file the user views) to trigger the issue; no interaction beyond displaying the content is required, which is why the vector carries UI:N.
Recommendations: Update to iTerm2 3.4.20 or later. If you cannot update immediately, the advisory suggests disabling the handling of upload-related escape sequences as a temporary workaround and restricting access to the potentially vulnerable features; in practice, treat any untrusted output (remote sessions, downloaded files, logs) as unsafe to display in an unpatched iTerm2 until it is upgraded.
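Since the only real fix is the version bump, the check an administrator wants is "is the installed build older than 3.4.20?". The script below is an added example and is not part of this advisory or of the iTerm2 project. It assumes the app bundle lives at /Applications/iTerm.app (an alternative path can be passed as the first argument), that CFBundleShortVersionString in its Info.plist is a dotted numeric version such as 3.4.19, and that pre-release tags (e.g. 3.4.20beta1) can be compared by their numeric part only, so such builds should be checked by hand. The function names version_lt, installed_iterm2_version and check_iterm2 are this example's own.

```sh
#!/bin/sh
# Added example, not part of the PT-2023-7566 advisory or of iTerm2 itself:
# report whether an installed iTerm2 predates the fixed release 3.4.20.
# Assumptions: the app bundle is at /Applications/iTerm.app (override with $1)
# and CFBundleShortVersionString in its Info.plist is a dotted numeric
# version such as 3.4.19. Pre-release tags (3.4.20beta1) are compared by
# their numeric part only, so verify such builds by hand.

FIXED_VERSION="3.4.20"

# version_lt A B: succeed (exit 0) when dotted version A is older than B.
# Components are compared as integers, so 3.4.9 sorts before 3.4.20; a plain
# string comparison would get that wrong. Missing components count as 0.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"                # leading component
        ac="${ac%%[!0-9]*}"; bc="${bc%%[!0-9]*}"    # drop non-numeric suffix
        ac="${ac:-0}"; bc="${bc:-0}"
        if [ "$ac" -lt "$bc" ]; then return 0; fi
        if [ "$ac" -gt "$bc" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac   # advance to next
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 1   # versions are equal
}

# installed_iterm2_version [bundle]: print CFBundleShortVersionString from
# the bundle's Info.plist. PlistBuddy reads binary or XML plists on macOS;
# the sed fallback handles an XML plist on other systems.
installed_iterm2_version() {
    plist="${1:-/Applications/iTerm.app}/Contents/Info.plist"
    [ -f "$plist" ] || return 1
    if [ -x /usr/libexec/PlistBuddy ]; then
        /usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist"
    else
        sed -n '/<key>CFBundleShortVersionString<\/key>/{n;s/.*<string>\([^<]*\)<\/string>.*/\1/p;}' "$plist"
    fi
}

# check_iterm2 [bundle]: 0 = at or above 3.4.20, 1 = not installed or
# version unreadable, 2 = vulnerable (older than 3.4.20).
check_iterm2() {
    v="$(installed_iterm2_version "$1")" || { echo "iTerm2 not found or version unreadable"; return 1; }
    [ -n "$v" ] || { echo "could not read iTerm2 version"; return 1; }
    if version_lt "$v" "$FIXED_VERSION"; then
        echo "iTerm2 $v is older than $FIXED_VERSION: update (CVE-2023-46301)"
        return 2
    fi
    echo "iTerm2 $v is at or above $FIXED_VERSION"
}

# When run as a script, check the default (or given) bundle; $rc holds the
# result code described above.
rc=0
check_iterm2 "$@" || rc=$?
```

The per-component integer comparison matters here: iTerm2 went from 3.4.19 to 3.4.20, and a naive string comparison would also call 3.4.9 "newer" than 3.4.20 and miss a vulnerable install.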

Weakness Enumeration

CWE-116: Improper Encoding or Escaping of Output

Related Identifiers

BDU:2023-08622
CVE-2023-46301

Affected Products

iTerm2