N/A

qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.

N/A

跨站请求伪造(CSRF)

qutebrowser 跨站请求伪造漏洞

qutebrowser是一款具有图形界面的键盘式开源浏览器。 qutebrowser 1.4.1之前版本中存在跨站请求伪造漏洞。远程攻击者可借助恶意的网站利用该漏洞执行任意代码。

N/A

N/A