Home > Vulnerability Database > CVE-2024-56803

Mend.io Vulnerability Database

CVE-2024-56803

Date: December 31, 2024

Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. This attack requires an attacker to send malicious escape sequences followed by convincing the user to physically press the "enter" key. Fixed in Ghostty v1.0.1.

Severity Score

6.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-56803

Url: https://github.com/ghostty-org/ghostty/pull/3908

Url: https://github.com/ghostty-org/ghostty/security/advisories/GHSA-5hcq-3j4q-4v6p

Url: https://www.mend.io/vulnerability-database/CVE-2024-56803

Severity Score

6.3

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-56803

Date: December 31, 2024

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?