CVE-2017-17512
Description
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.594
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Utilities for sensible alternative selection (USN-3584-1) sensible-utils_0.0.10ubuntu0.1_all.deb | Linux |
| Utilities for sensible alternative selection (USN-3584-1) sensible-utils_0.0.9ubuntu0.14.04.1_all.deb | Linux |
| Utilities for sensible alternative selection (USN-3584-1) sensible-utils_0.0.9ubuntu0.16.04.1_all.deb | Linux |
| sensible-utils security update(DSA-4071-1) sensible-utils_0.0.9+deb8u1_all.deb | Linux |
| sensible-utils security update(DSA-4071-1) sensible-utils_0.0.9+deb9u1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234