xterm is vulnerable to Command Injection. The vulnerability exists because an OSC 50 response may have Ctrl-g causing an attacker to inject arbitrary commands in the system.
www.openwall.com/lists/oss-security/2022/11/10/1
www.openwall.com/lists/oss-security/2022/11/10/5
invisible-island.net/xterm/xterm.log.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/
lists.fedoraproject.org/archives/list/[email protected]/message/4TPVNTYFFWNTGZJJQAA4MGGFSTXA4XEA/
lists.fedoraproject.org/archives/list/[email protected]/message/5T2JI5JCHPTXX2KJU45H2XAHQSFVEJ2Y/
lists.fedoraproject.org/archives/list/[email protected]/message/IVD3I2ZFXGOY6BA2FNS7WPFMPFBDHFWC/
news.ycombinator.com/item?id=33546415
security-tracker.debian.org/tracker/CVE-2022-45063
security.gentoo.org/glsa/202211-09
www.openwall.com/lists/oss-security/2022/11/10/1