{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "3.4.21" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta1" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta10" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta2" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta3" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta4" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta5" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta6" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta7" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta8" }, { "introduced": "0" }, { "last_affected": "3.5.0-beta9" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "5109376c9796394b8ab403d2f60d4a5973df56bc" }, { "introduced": "0" }, { "last_affected": "5f3eb40b42f0997fc94c5a3792ce2bfeb87b62a6" }, { "introduced": "0" }, { "last_affected": "29c79d9cba34847b1d870fd2c982d3cc480066f7" }, { "introduced": "0" }, { "last_affected": "ee9d30a5ca6283bda0ffdf55fe91ca578a5137a3" }, { "introduced": "0" }, { "last_affected": "a3766aabba5779c8b1cecc67a99a7f44284d9079" }, { "introduced": "0" }, { "last_affected": "3e744edddbbd7da8e384ecb569e57c5881cea24b" }, { "introduced": "0" }, { "last_affected": "ed0fac7746a615b41316f2efe923eac9bd7e5ef8" }, { "introduced": "0" }, { "last_affected": "84e01988352a6e1a47e5393fb553e1100a8e9373" }, { "introduced": "0" }, { "last_affected": "f4e1a9d1e6576b9d6e0eaaab40d27302ba78acf8" }, { "introduced": "0" }, { "last_affected": "ebbfaa7636f096c8ac24a6e5c9139184c2667b07" }, { "introduced": "0" }, { "last_affected": "b4a3e880a698bd98c4151fe739524c93c7032c8e" } ], "repo": "https://github.com/gnachman/iterm2", "type": "GIT" }, { "events": [ { "introduced": "0" }, { "fixed": "de3d351e1bd3bc1c1a4f85fe976c592e497dd071" } ], "repo": "https://gitlab.com/gnachman/iterm2", "type": "GIT" } ] } ], "details": "iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.", "id": "CVE-2023-46321", "modified": "2026-04-01T23:09:47.573957821Z", "published": "2023-10-23T00:15:08.517Z", "references": [ { "type": "ADVISORY", "url": "https://iterm2.com/downloads.html" }, { "type": "ADVISORY", "url": "https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }