|Number of vulnerabilities||1|
|CVE ID||CVE-2017-18266|
|Public exploit||Public exploit code for vulnerability #1 is available.|
|Vulnerable software versions||
The vulnerability allows a remote unauthenticated attacker to conduct an argument injection attack on the target system.
The weakness exists in the open_envvar function in the xdg-open component due to improper validation of user-supplied input. A remote attacker can trick the victim into following a specially crafted link that is designed to modify the BROWSER environment variable, conduct an argument-injection attack, redirect the user's browser traffic to an attacker-controlled site and execute arbitrary commands.
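The class of weakness described above, as an added example that is not code from xdg-utils: a launcher that formats a link into a `%s` command template and expands the result unquoted lets whitespace in the link become extra arguments, while substituting per word keeps the link a single argument. The function names, the `count_args` stand-in for a browser and the sample link are constructed, and the weak pattern is an assumed generic form of the flaw.

```shell
#!/bin/sh
# Added illustration; not code from xdg-utils. All names are hypothetical.

# Stand-in for a browser binary: prints how many arguments it received.
count_args() { echo "$#"; }

# Weak pattern: the link is formatted into the BROWSER-style template and the
# result is expanded unquoted, so whitespace inside the link becomes extra
# arguments to the launched program.
launch_weak() {
    template=$1
    url=$2
    # shellcheck disable=SC2046,SC2059
    $(printf "$template" "$url")
}

# Hardened pattern: split only the locally configured template into words,
# substitute the link inside each word, and run the resulting argument vector.
launch_safe() {
    template=$1
    url=$2
    marker='%s'
    # Refuse links that the launched program would parse as an option.
    case $url in -*) return 2 ;; esac
    # A template without a placeholder gets the link as its last argument.
    case $template in *"$marker"*) ;; *) template="$template $marker" ;; esac
    set -f                 # no globbing while the template is split
    set -- $template
    set +f
    for word in "$@"; do
        shift
        case $word in
            *"$marker"*) word=${word%%"$marker"*}$url${word#*"$marker"} ;;
        esac
        set -- "$@" "$word"
    done
    "$@"
}

# Constructed sample input: a link carrying a space and an option-like token.
SAMPLE_URL='http://example.test/ --extra-flag'
echo "weak: $(launch_weak 'count_args %s' "$SAMPLE_URL") argument(s)"
echo "safe: $(launch_safe 'count_args %s' "$SAMPLE_URL") argument(s)"
```

The weak launcher hands the stand-in program two arguments for one link; the hardened launcher hands it one.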
Update to version 1.1.3.