60 matches found
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
TencentOS Server 2: python3 (TSSA-2026:0282)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0282 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
CLSA-2026-1778002331 python3: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...
CLSA-2026-1778000974 python3: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...
CLSA-2026-1778015238 python: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...
CLSA-2026-1778002076 python3: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs to prevent CLI option injection in pydoc/subprocess...
CLSA-2026-1777946871 python: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...
CLSA-2026-1777946712 python: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs that could be treated as command-line options by external browsers; also close a %action-substitution bypass of the check in UnixBrowser.open...
CLSA-2026-1777944042 Fix CVE(s): CVE-2025-8194, CVE-2026-4519, CVE-2026-4786
SECURITY UPDATE: tarfile DoS via negative member offsets - debian/patches/CVE-2025-8194.patch: validate that member offsets are non-negative in Lib/tarfile.py. - CVE-2025-8194 SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch:...
CLSA-2026-1777548458 Fix CVE(s): CVE-2026-4519, CVE-2026-4786
SECURITY UPDATE: webbrowser.open accepts URLs with leading dashes - debian/patches/CVE-2026-4519-CVE-2026-4786.patch: reject URLs whose lstrip starts with '-' in Lib/webbrowser.py; also fix bypass via %action substitution in UnixBrowser.open. - CVE-2026-4519 - CVE-2026-4786...
CLSA-2026-1777456062 python3: Fix of CVE-2026-4519
CVE-2026-4519: reject leading dashes in webbrowser URLs...
TencentOS Server 3: python3 (TSSA-2026:0258)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0258 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...
python: Python: Command-line option injection in webbrowser.open() via crafted URLs
A flaw was found in Python. The webbrowser.open API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options,...