PT-2024-37077 · Ghostty · Ghostty
Dgl +1 · Published 2024-12-31 · Updated 2025-01-01 · CVE-2024-56803
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
Ghostty version 1.0.0
Description:
Ghostty is a cross-platform terminal emulator. In the affected version, an attacker can modify the window title via a certain character escape sequence and then have the title inserted back into the command line in the user's terminal. This could allow the attacker to execute arbitrary commands when the user views a file containing the malicious sequence and physically presses the "enter" key.
Recommendations:
For Ghostty version 1.0.0, update to Ghostty v1.0.1 to resolve the issue. As a temporary workaround until the update is applied, avoid viewing files that may contain malicious escape sequences. Restrict user interaction with potentially malicious input to minimize the risk of exploitation.
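A pre-viewing check in the spirit of the workaround above, as an added example that is not Ghostty's or this advisory's code: it lists the terminal escape sequences and stray control characters found in untrusted content and returns a copy in which they are rendered as inert caret notation. The advisory does not name the sequence involved, so the scanner flags every ECMA-48 family (OSC, the family that carries window-title changes, plus CSI and other ESC sequences); `scan`, `visible`, `TOKEN` and `SAMPLE` are names introduced here.

```python
import re
import sys

# One alternative per ECMA-48 family; unterminated sequences are still matched.
TOKEN = re.compile(
    r"(?P<OSC>\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?)"    # ESC ] ... BEL or ESC \
    r"|(?P<CSI>\x1b\[[0-?]*[ -/]*[@-~]?)"             # ESC [ params, intermediates, final
    r"|(?P<ESC>\x1b[ -/]*[0-~]?)"                     # any other ESC sequence
    r"|(?P<CTRL>[\x00-\x08\x0b\x0c\x0e-\x1a\x1c-\x1f\x7f-\x9f])"  # stray C0/C1/DEL
)

def visible(text: str) -> str:
    """Return text with every control character replaced by printable notation."""
    out = []
    for ch in text:
        cp = ord(ch)
        if ch in "\t\n\r" or 0x20 <= cp < 0x7F or cp > 0x9F:
            out.append(ch)                      # ordinary text, kept as-is
        elif cp < 0x20:
            out.append("^" + chr(cp + 0x40))    # caret notation: ESC -> ^[, BEL -> ^G
        elif cp == 0x7F:
            out.append("^?")
        else:
            out.append(f"\\x{cp:02x}")          # C1 controls U+0080..U+009F
    return "".join(out)

def scan(data: bytes):
    """Return (findings, sanitized_text); findings are (kind, offset, rendering)."""
    text = data.decode("utf-8", errors="replace")
    findings = [(m.lastgroup, m.start(), visible(m.group()))
                for m in TOKEN.finditer(text)]
    return findings, visible(text)

# Constructed sample: a benign title-setting OSC and two SGR (bold on/off) CSIs.
SAMPLE = (b"build log line 1\n\x1b]0;constructed title\x07"
          b"\x1b[1mbold\x1b[0m\nline 3 \xe2\x9c\x93\n")

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    found, safe = scan(raw)
    for kind, offset, shown in found:
        print(f"{kind:4} at char {offset}: {shown}")
    print("--- sanitized ---")
    print(safe, end="")
    sys.exit(1 if found else 0)                 # non-zero exit: do not view raw
```

The exit status is non-zero whenever anything was flagged, so the script can gate a pager or `cat` in a wrapper.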
Exploit
Fix
Code Injection
Affected Products
Ghostty