{"id":"CVE-2023-46301","details":"iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.","modified":"2026-05-19T11:56:07.230951035Z","published":"2023-10-22T00:00:00Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46301.json"},"references":[{"type":"WEB","url":"https://iterm2.com/news.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/46xxx/CVE-2023-46301.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46301"},{"type":"FIX","url":"https://github.com/gnachman/iTerm2/commit/85cbf5ebda472c9ec295887e99c2b6f1b5867f1b"},{"type":"FIX","url":"https://github.com/gnachman/iTerm2/commit/b2268b03b5f3d4cd8ca275eaef5d16d0fac20009"},{"type":"ARTICLE","url":"https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gnachman/iterm2","events":[{"introduced":"833c26999072e97d2468cfa88fc274157e879aee"},{"fixed":"21b7f7c088abef8fca4999718cb77db1b5e87819"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-46301.json"}}],"schema_version":"1.7.5"}