Cmder before 1.3.21 reports the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
Impact
ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
Patches
Cmder has been patched as of version 1.3.21.
Workarounds
Ideally you should upgrade, but you can instead update the version of ConEmu in the vendor/sources.json file and run the scripts/build.ps1 file. That should download and unpack the latest version.
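To confirm whether a Cmder tree still pins a ConEmu build in the affected range, before or after applying the workaround, the following added example (not part of the advisory or the Cmder project) parses vendor/sources.json. It assumes the file is a JSON array of objects with "name" and "version" keys and that ConEmu versions are written as YY.MM.DD or YYMMDD; the sample entries are constructed.

```python
import json
import re
import sys

# "ConEmu through 220807" is the affected range stated in the advisory.
LAST_AFFECTED_BUILD = 220807


def conemu_build(version):
    """Normalise '22.08.07', 'v22.08.07' or '220807' to the integer 220807."""
    m = re.fullmatch(r"v?(\d{2})\.?(\d{2})\.?(\d{2})[a-z]?", version.strip())
    if not m:
        raise ValueError(f"unrecognised ConEmu version: {version!r}")
    return int("".join(m.groups()))


def check_sources(text):
    """Return (build, affected) for the ConEmu entry of a sources.json document."""
    entries = json.loads(text)
    # Assumed layout: a JSON array of objects with "name" and "version" keys.
    if not isinstance(entries, list):
        raise ValueError("expected a JSON array of source entries")
    for entry in entries:
        if isinstance(entry, dict) and "conemu" in str(entry.get("name", "")).lower():
            build = conemu_build(str(entry["version"]))
            return build, build <= LAST_AFFECTED_BUILD
    raise LookupError("no ConEmu entry in sources.json")


# Constructed samples, not copied from the Cmder repository.
SAMPLE_AFFECTED = '[{"name": "conemu-maximus5", "version": "22.08.07"}]'
SAMPLE_UPDATED = (
    '[{"name": "clink", "version": "1.0.0"},'
    ' {"name": "conemu-maximus5", "version": "22.08.08"}]'
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # utf-8-sig tolerates the BOM that Windows editors often write.
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            text = fh.read()
    else:
        text = SAMPLE_AFFECTED
    build, affected = check_sources(text)
    state = "within" if affected else "outside"
    print(f"ConEmu build {build}: {state} the affected range")
    sys.exit(1 if affected else 0)
```

Run it with the path to vendor/sources.json as the only argument; a non-zero exit status means the pinned build is still within the affected range and scripts/build.ps1 would fetch an affected ConEmu.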
References
GHSA-hfcw-j543-xjp3
https://nvd.nist.gov/vuln/detail/CVE-2022-46387
https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e