Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-17535

Опубликовано: 14 дек. 2017
Источник: debian
EPSS Низкий

Описание

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
gjots2unfixedpackage

Примечания

  • https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188

EPSS

Процентиль: 67%
0.00545
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-17535

CVSS3: 8.8
ubuntu
около 8 лет назад

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

nvd логотип

CVE-2017-17535

CVSS3: 8.8
nvd
около 8 лет назад

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

github логотип

GHSA-fmff-qfhq-37jm

CVSS3: 8.8
github
больше 3 лет назад

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

EPSS

Процентиль: 67%
0.00545
Низкий