Security Advisory

CVE-2018-10895

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-07-12 12:00:00

Last updated 2024-08-05 07:54:36

Assigner redhat

State PUBLISHED

Description

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access qute://* URLs. A malicious website could exploit this to load a qute://settings/set URL, which then sets editor.command to a bash script, resulting in arbitrary code execution.

← Browse all CVEs View on cve.org ↗