High severity8.8NVD Advisory· Published Dec 14, 2017· Updated May 13, 2026
CVE-2017-17516
CVE-2017-17516
Description
scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rtvPyPI | <= 1.19.0 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-336h-q7mh-8vf8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-17516ghsaADVISORY
- security-tracker.debian.org/tracker/CVE-2017-17516nvdIssue TrackingThird Party AdvisoryWEB
- github.com/michael-lazar/rtv/issues/531ghsaWEB
News mentions
0No linked articles in our index yet.