A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.
https://github.com/xtermjs/xterm.js/releases
https://access.redhat.com/errata/RHSA-2019:2552
https://access.redhat.com/errata/RHSA-2019:2551
https://access.redhat.com/errata/RHSA-2019:1422