Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-17512

Опубликовано: 11 дек. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.8

Описание

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

РелизСтатусПримечание
artful

released

0.0.10ubuntu0.1
devel

not-affected

0.0.11
esm-infra-legacy/trusty

released

0.0.9ubuntu0.14.04.1
esm-infra/xenial

released

0.0.9ubuntu0.16.04.1
precise/esm

ignored

trusty

released

0.0.9ubuntu0.14.04.1
trusty/esm

released

0.0.9ubuntu0.14.04.1
upstream

released

0.0.11
xenial

released

0.0.9ubuntu0.16.04.1
zesty

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 69%
0.00594
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-17512

CVSS3: 8.8
nvd
около 8 лет назад

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

debian логотип

CVE-2017-17512

CVSS3: 8.8
debian
около 8 лет назад

sensible-browser in sensible-utils before 0.0.11 does not validate str ...

github логотип

GHSA-fc69-2v7r-7r95

CVSS3: 8.8
github
больше 3 лет назад

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

EPSS

Процентиль: 69%
0.00594
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3