3 matches found
CVE-2017-17535
lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL...
CVE-2017-17535
Removed by vendor...
CVE-2017-17535
CVE-2017-17535 affects the open‑source GUI component of Bob Hepple’s gjots2 2.4.1, specifically the file lib/gui.py . The vulnerability arises from not validating strings before launching the program specified by the BROWSER environment variable, which could allow a remote attacker to perform an ...