Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-fmff-qfhq-37jm

Опубликовано: 14 мая 2022
Источник: github
Github: Не прошло ревью
CVSS3: 8.8

Описание

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Ссылки

EPSS

Процентиль: 67%
0.00545
Низкий

8.8 High

CVSS3

CVE ID

CVE-2017-17535

Дефекты

CWE-74

Связанные уязвимости

ubuntu логотип

CVE-2017-17535

CVSS3: 8.8
ubuntu
около 8 лет назад

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

nvd логотип

CVE-2017-17535

CVSS3: 8.8
nvd
около 8 лет назад

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

debian логотип

CVE-2017-17535

CVSS3: 8.8
debian
около 8 лет назад

lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...

EPSS

Процентиль: 67%
0.00545
Низкий

8.8 High

CVSS3

CVE ID

CVE-2017-17535

Дефекты

CWE-74