Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
xdg-utils xdg-open 安全漏洞
Vulnerability Description
xdg-utils是一套用于帮助应用程序与各种桌面任务进行集成的命令行工具。xdg-open是其中的一个用于打开文件或URL的程序。 xdg-utils 1.1.3之前版本中的xdg-open的‘open_envvar’函数存在安全漏洞,该漏洞源于程序在启动由BROWSER环境变量指定的程序之前没有验证字符串。远程攻击者可借助特制的URL利用该漏洞重定向浏览器流量。
CVSS Information
N/A
Vulnerability Type
N/A