← back
CVE-2024-38395

CVE-2024-38395

CVSS 9.8 CRITICALEPSS 1.5%CWE-94
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Jun 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://gitlab.com/gnachman/iterm2/-/commit/f1e89f78dd72dcac3ba66d3d6f93db3f7f649219https://gitlab.com/gnachman/iterm2/-/tags/v3.5.2https://iterm2.com/downloads.htmlhttps://www.openwall.com/lists/oss-security/2024/06/15/1http://www.openwall.com/lists/oss-security/2024/06/17/1