Описание
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | released | 1.2.6-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/noble | released | 1.2.6-1 |
| esm-apps/xenial | needed | |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | released | 1.2.6-1 |
| hirsute | released | 1.2.6-1 |
Показывать по
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...
EPSS
10 Critical
CVSS2
9.8 Critical
CVSS3