VYPR

Xdg Utils

by Xorg


CVEs (5)

  • CVE-2025-52968 | Low | Jun 23, 2025
    risk 0.18 | cvss 2.7 | epss 0.00

    xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange…

  • CVE-2020-27748 | Jun 1, 2021
    risk 0.00 | cvss - | epss 0.01

    A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically…

  • CVE-2017-18266 | High | May 10, 2018
    risk 0.00 | cvss 8.8 | epss 0.02

    The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s…

  • CVE-2014-9622 | Jan 21, 2015
    risk 0.00 | cvss - | epss 0.03

    Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

  • CVE-2009-0068 | Jan 7, 2009
    risk 0.00 | cvss - | epss 0.02

    Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as…