Описание
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
Ссылки
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
- ExploitMailing ListThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- Release NotesThird Party Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...
EPSS
9.8 Critical
CVSS3
10 Critical
CVSS2