Argument Injection Vulnerability in xdg-open (xdg-utils)
CVE-2017-18266
8.8 HIGH
What is CVE-2017-18266?
The open_envvar function in xdg-open, part of the xdg-utils suite prior to version 1.1.3, does not properly validate strings from the BROWSER environment variable before executing them. A remote attacker can exploit this with a crafted URL, potentially leading to argument injection. Argument injection of this kind can allow arbitrary command execution, which is why strict input validation is needed before the handler is launched.
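
The argument-injection pattern described above, as an added example that is not code from this page or from xdg-utils. It assumes a BROWSER value of the form `handler %s` with `%s` as its own word; `handler`, `--constructed-flag` and the URLs are constructed, and nothing is executed.

```sh
#!/bin/sh
# Added example, not xdg-utils source. Nothing is executed: each function only
# prints the argument vector a handler named in BROWSER would receive.
# "handler" and "--constructed-flag" are constructed placeholders.

show_argv() {                      # prints: argc [arg1] [arg2] ...
    printf '%d' "$#"
    for a in "$@"; do printf ' [%s]' "$a"; done
    printf '\n'
}

# Weak pattern: substitute the URL into the template, then word-split the
# combined string, so whitespace inside the URL creates extra arguments.
argv_unsafe() {
    template=$1 url=$2
    set -f                         # keep globbing out of the demo
    set -- $(printf "$template" "$url")
    set +f
    show_argv "$@"
}

# Hardened pattern: reject URLs that would split or look like an option,
# split only the template, and put the URL in the %s slot as one argument.
argv_safe() {
    template=$1 url=$2
    set -f
    set -- $url                    # a well-formed URL is exactly one word
    if [ "$#" -ne 1 ] || [ "$1" != "$url" ]; then
        set +f; echo rejected; return 1
    fi
    case $url in -*) set +f; echo rejected; return 1 ;; esac
    set -- $template
    set +f
    n=$#
    while [ "$n" -gt 0 ]; do       # rotate through the words once
        word=$1; shift
        if [ "$word" = "%s" ]; then set -- "$@" "$url"; else set -- "$@" "$word"; fi
        n=$((n - 1))
    done
    show_argv "$@"
}

argv_unsafe 'handler %s' 'http://example.test/a --constructed-flag'
argv_safe   'handler %s' 'http://example.test/a --constructed-flag' || true
argv_safe   'handler %s' 'http://example.test/a%20b'
```

The first call reports three arguments because the space in the URL splits it; the hardened function rejects that URL and passes a percent-encoded one through as a single argument.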

References
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
