Description
qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash script, resulting in arbitrary code execution.

| Release | Status | Note |
|---|---|---|
| artful | DNE | |
| bionic | released | 1.1.1-1ubuntu0.1 |
| devel | not-affected | |
| esm-apps/bionic | released | 1.1.1-1ubuntu0.1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 1.4.1-1 |
| xenial | DNE | |

CVSS2: 6.8 Medium
CVSS3: 9.3 Critical