rpm package
opensuse/xdg-utils&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/xdg-utils&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-18266 | Hig | 8.8 | | < 1.1.3+20201113-1.2 | 1.1.3+20201113-1.2 | May 10, 2018 | The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s i |
| CVE-2008-0386 | — | | | < 1.1.3+20201113-1.2 | 1.1.3+20201113-1.2 | Feb 4, 2008 | Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. |