CVE-2023-46322 Information

Description

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname’s initial character may be non-alphanumeric. The hostname’s other characters may be outside the set of alphanumeric characters dash and period.

Reference

https://iterm2.com/downloads.html https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01