Lucene search
MitreVULNRICHMENT:CVE-2017-17520HistoryDec 14, 2017 - 4:00 p.m.
CVE-2017-17520
2017-12-1416:00:00
mitre
github.com
5
AI Score
7.2
Confidence
Low
EPSS
0.002
Percentile
54.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
tools/url_handler.pl in TIN 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has reported that this is intentional behavior, because the documentation states "url_handler.pl was designed to work together with tin which only issues shell escaped absolute URLs.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:debian:tin:2.4.1:*:*:*:*:*:*:*"
],
"vendor": "debian",
"product": "tin",
"versions": [
{
"status": "affected",
"version": "2.4.1"
}
],
"defaultStatus": "unknown"
}
]Related
redhatcve
redhatcve
CVE-2017-17520
2022-05-20 23:37:58
prion
prion
Design/Logic Flaw
2017-12-14 16:29:00
cve
cve
CVE-2017-17520
2017-12-14 16:29:00
nvd
nvd
CVE-2017-17520
2017-12-14 16:29:00
ubuntucve
ubuntucve
CVE-2017-17520
2017-12-14 00:00:00
cvelist
cvelist
CVE-2017-17520
2017-12-14 16:00:00
debiancve
debiancve
CVE-2017-17520
2017-12-14 16:29:00
AI Score
7.2
Confidence
Low
EPSS
0.002
Percentile
54.5%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2017-17520