VDB

GCVE-VVD-MAGEIA-2018-289

GCVE-VVD-MAGEIA-2018-289
Advisory Published
Vulnetix · Advisory published June 19, 2018
Updated xdg-utils package fixes security vulnerability: The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable (CVE-2017-18266).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiaxdg-utils0 (affected), 1.1.3-1.mga6 (unaffected)

Aliases

CVE-2017-18266

Transitive aliases

BDU:2020-01814GSD-2017-18266CNVD-2018-13769SUSE-SU-2018:1497-1EUVD-2017-9393OPENSUSE-SU-2024:11518-1GHSA-76r6-j2q8-m63q

References

Updated xdg-utils package fixes security vulnerability
advisory
Updated xdg-utils package fixes security vulnerability
issue
Updated xdg-utils package fixes security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›