qutebrowser is vulnerable to remote code execution (RCE) through cross-site request forgery (CSRF) attacks. The vulnerability exists because a CSRF weakness allows a website with an `<img>` tag to load the `qute://settings/set` URL, which sets the `editor.command` setting to a bash script, resulting in RCE.
Affected CPE entries:

Name | Operator | Version
---|---|---
qutebrowser | eq | 1.4.0
qutebrowser | le | 1.2.1
qutebrowser | le | 1.1.2
qutebrowser | le | 1.3.3
References:

- seclists.org/oss-sec/2018/q3/29
- www.openwall.com/lists/oss-security/2018/07/11/7
- bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10895
- github.com/qutebrowser/qutebrowser/commit/22148ce488da52e8a0e01ed937c0cfdb24d34775
- github.com/qutebrowser/qutebrowser/commit/43e58ac865ff862c2008c510fc5f7627e10b4660
- github.com/qutebrowser/qutebrowser/commit/c2ff32d92ba9bf40ff53498ee04a4124d4993c85
- github.com/qutebrowser/qutebrowser/commit/c3361c31b370140f323e481dd455450b1e74c099
- github.com/qutebrowser/qutebrowser/commit/ff686ff7f395d83e5ac48507ecfae0b0e97a61ef
- github.com/qutebrowser/qutebrowser/issues/4060