Security Advisory

CVE-2017-18266

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-05-10 14:00:00

Last updated 2024-08-05 21:13:49

Assigner mitre

State PUBLISHED

Description

The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.

← Browse all CVEs View on cve.org ↗