VYPR

rpm package

opensuse/xdg-utils&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/xdg-utils&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2017-18266HigMay 10, 2018
    affected < 1.1.3+20201113-1.2fixed 1.1.3+20201113-1.2

    The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s i

  • CVE-2008-0386Feb 4, 2008
    affected < 1.1.3+20201113-1.2fixed 1.1.3+20201113-1.2

    Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.