Eval Injection Vulnerability in xdg-utils Affects Freedesktop and Gentoo
CVE-2014-9622

Currently unrated

Key Information:

Vendor: Gentoo

Status
Vendor
CVE Published: 21 January 2015

What is CVE-2014-9622?

The eval injection vulnerability in xdg-utils version 1.1.0 RC1 arises when no supported desktop environment is identified. This flaw permits context-dependent attackers to execute arbitrary code through the URL argument in the xdg-open command. This could potentially compromise system integrity and allow for unauthorized actions by executing malicious scripts.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
