GHSA-rgp9-mx7h-rwqv

Published: Apr 29, 2022
Source: github
GitHub: Not reviewed

Description

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

EPSS

Percentile: 91%
0.06491
Low

Weaknesses

CWE-20
CWE-88

Related vulnerabilities

redhat
more than 21 years ago

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

nvd
about 21 years ago

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

debian
about 21 years ago

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properl ...
