Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-17524

Опубликовано: 14 дек. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:swi-prolog:swi-prolog:7.2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 67%
0.00545
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

ubuntu логотип

CVE-2017-17524

CVSS3: 8.8
ubuntu
около 8 лет назад

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

debian логотип

CVE-2017-17524

CVSS3: 8.8
debian
около 8 лет назад

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings b ...

github логотип

GHSA-ccjx-r2j4-h5rc

CVSS3: 8.8
github
больше 3 лет назад

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

EPSS

Процентиль: 67%
0.00545
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-74