XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
CPE | Name | Operator | Version |
---|---|---|---|
debian_linux | eq | 9.0 | |
debian_linux | eq | 10.0 | |
debian_linux | eq | 11.0 | |
exo | ge | 4.17.0 | |
exo | lt | 4.17.2 | |
exo | lt | 4.16.4 |