{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "7.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "14.04" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "16.04" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "17.10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "18.04" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "1.1.3" } ] }, "events": [ { "introduced": "0" }, { "fixed": "159fc37075db2decf446f453fe1a796da6921aad" } ], "repo": "https://gitlab.freedesktop.org/xdg/xdg-utils", "type": "GIT" } ] } ], "details": "The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.", "id": "CVE-2017-18266", "modified": "2026-03-15T21:50:03.110387756Z", "published": "2018-05-10T14:29:00.207Z", "references": [ { "type": "ADVISORY", "url": "https://usn.ubuntu.com/3650-1/" }, { "type": "ADVISORY", "url": "https://www.debian.org/security/2018/dsa-4211" }, { "type": "ADVISORY", "url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2" }, { "type": "ADVISORY", "url": "https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog" }, { "type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html" }, { "type": "FIX", "url": "https://bugs.freedesktop.org/show_bug.cgi?id=103807" }, { "type": "FIX", "url": "https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }