3 matches found
CLSA-2026-1778142589 python3: Fix of 2 CVEs
CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...
CLSA-2026-1778087756 python3: Fix of 2 CVEs
CVE-2026-4519: reject leading dashes in webbrowser URLs to block command-line option injection via webbrowser.open - CVE-2026-4786: validate the post-substitution URL in webbrowser UnixBrowser.open so that "%action" cannot smuggle a dash-prefixed flag past the CVE-2026-4519 dash-prefix check...
CLSA-2026-1777891107 python3.11: Fix of CVE-2026-4786
CVE-2026-4786: fix webbrowser %action substitution bypass of the dash-prefix safety check by validating the post-substitution URL and expanding %action before %s in UnixBrowser argument assembly...