High severity8.8OSV Advisory· Published Dec 14, 2017· Updated Jun 17, 2026
CVE-2017-17527
CVE-2017-17527
Description
delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer has indicated that the code referencing the BROWSER environment variable is never used
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
60.14.0+ 2 more
- (no CPE)range: 0.14.0
- cpe:2.3:a:pasdoc_project:pasdoc:0.14:*:*:*:*:*:*:*
- (no CPE)range: <=0.14
Patches
Vulnerability mechanics
References
1- security-tracker.debian.org/tracker/CVE-2017-17527nvdIssue TrackingThird Party Advisory
News mentions
0No linked articles in our index yet.