Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
Unprotected Alternate Channel
Vulnerability Title
xdg-utils security vulnerability
Vulnerability Description
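xdg-utils is a software package from the xdg organization that provides integration functions for desktop systems. A security vulnerability exists in xdg-utils 1.2.1 and earlier versions. It arises because xdg-open may send requests containing SameSite=Strict cookies, which may lead to cross-site request forgery.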
CVSS Information
N/A
Vulnerability Type
N/A