GCVE-VVD-MAGEIA-2018-289 — Vulnetix

Try Vulnetix Request Demo

GCVE-VVD-MAGEIA-2018-289

Advisory Published

Vulnetix · Advisory published June 19, 2018

Updated xdg-utils package fixes security vulnerability: The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable (CVE-2017-18266).

Download JSON Open in Console

Affected Products

Vendor	Product	Versions	Platforms
Mageia	xdg-utils	0 (affected), 1.1.3-1.mga6 (unaffected)	—

Aliases

Transitive aliases

BDU:2020-01814 GSD-2017-18266 CNVD-2018-13769 SUSE-SU-2018:1497-1 EUVD-2017-9393 OPENSUSE-SU-2024:11518-1 GHSA-76r6-j2q8-m63q

References

Updated xdg-utils package fixes security vulnerability

advisory

Updated xdg-utils package fixes security vulnerability

issue

Updated xdg-utils package fixes security vulnerability

issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON