iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NIterm2
APPIterm23.5.6 – 3.5.11 (bez)
Related vulnerabilities
iTerm2: RCE przez niezastosowanie ustawienia tytułu okna terminala
iTerm2: wstrzyknięcie kodu przez sekwencję escape w integracji tmux (RCE)
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have ...
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's in...
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequen...