Описание
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
Отчет
This issue affects the versions of xdg-utils as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | xdg-utils | Not affected | ||
| Red Hat Enterprise Linux 7 | xdg-utils | Affected | ||
| Red Hat Enterprise Linux 8 | xdg-utils | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2
Связанные уязвимости
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ...
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
EPSS
7.8 High
CVSS3
6.8 Medium
CVSS2