Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is impossible because the code relies on subprocess.Popen and the default shell=False setting

🗓️ 18 Aug 2020 07:00:00Reported by MicrosoftType 
mscve
 mscve🔗 msrc.microsoft.com👁 3 Views

Python webbrowser up to 3.6.3 may allow argument injection via unvalidated BROWSER setting.

Related
Detection
ReporterTitlePublishedViews
Family
CBLMariner		CVE-2017-17522 affecting package python2 2.7.18-14
8 Oct 202018:09
cbl_mariner
CBLMariner		CVE-2017-17522 affecting package python2 for versions less than 2.7.18-8
9 Apr 202206:51
cbl_mariner
CNVD		Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability
15 Dec 201700:00
cnvd
CVE		CVE-2017-17522
14 Dec 201716:00
cve
Cvelist		CVE-2017-17522
14 Dec 201716:00
cvelist
Debian CVE		CVE-2017-17522
14 Dec 201716:00
debiancve
F5 Networks		K53955014: Python vulnerabilities CVE-2016-1494, CVE-2016-6536, CVE-2017-17522, CVE-2017-18207, and CVE-2018-1000030
21 Feb 202318:35
f5
NCSC		Vulnerabilities fixed in Juniper Junos Space
19 Apr 202100:00
ncsc
NCSC		Vulnerabilities fixed in Microsoft Mariner
13 Aug 202418:23
ncsc
NVD		CVE-2017-17522
14 Dec 201716:29
nvd
Rows per page
Vulners
Node
microsoftcbl2_python2_2.7.18-8Range<2.7.18-8
OR
microsoftcm1_python2_2.7.18-3Range<2.7.18-3
OR
microsoftpython2_debuginfo_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_test_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_tools_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_devel_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython_curses_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython_xml_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_libs_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_debuginfo_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_test_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_tools_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_devel_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython_curses_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython_xml_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_libs_2.7.18_3.cm1Range<2.7.18-3
OR
microsoftpython2_2.7.18_3.cm1Range<2.7.18-3

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 May 2025 07:00Current
7.9High risk
Vulners AI Score7.9
CVSS 26.8
CVSS 38.8
CVSS 3.18.8
EPSS0.00557
webbrowser modulebrowsing environment variableargument injectionremote URL riskpython vulnerabilitysubprocess callshell usagespecified browser
3