Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-17522

Опубликовано: 14 дек. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.8
CVSS3: 8.8

Описание

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

РелизСтатусПримечание
artful

not-affected

bionic

not-affected

devel

not-affected

disco

not-affected

eoan

not-affected

esm-apps/bionic

not-affected

esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-apps/xenial

not-affected

esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
artful

not-affected

bionic

not-affected

devel

DNE

disco

not-affected

eoan

not-affected

esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-infra-legacy/trusty

not-affected

esm-infra/bionic

not-affected

esm-infra/xenial

not-affected

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

not-affected

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
artful

DNE

bionic

DNE

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

not-affected

esm-infra/focal

DNE

esm-infra/xenial

not-affected

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

not-affected

bionic

not-affected

devel

DNE

disco

DNE

eoan

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

РелизСтатусПримечание
artful

not-affected

bionic

not-affected

devel

DNE

disco

not-affected

eoan

not-affected

esm-apps/bionic

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%
0.00554
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-17522

CVSS3: 5.3
redhat
почти 8 лет назад

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

nvd логотип

CVE-2017-17522

CVSS3: 8.8
nvd
почти 8 лет назад

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

msrc логотип

CVE-2017-17522

CVSS3: 8.8
msrc
около 1 года назад

Описание отсутствует

debian логотип

CVE-2017-17522

CVSS3: 8.8
debian
почти 8 лет назад

Lib/webbrowser.py in Python through 3.6.3 does not validate strings be ...

github логотип

GHSA-3qjm-23v2-9v26

CVSS3: 8.8
github
больше 3 лет назад

** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting.

EPSS

Процентиль: 67%
0.00554
Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Уязвимость CVE-2017-17522