CVE-2017-17516

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-17516

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17516.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-17516

Aliases

GHSA-336h-q7mh-8vf8

Downstream

DEBIAN-CVE-2017-17516

UBUNTU-CVE-2017-17516

Published

2017-12-14T16:29:00.480Z

Modified

2025-11-20T10:39:07.286070Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

References

https://security-tracker.debian.org/tracker/CVE-2017-17516

Affected packages

Git / github.com/michael-lazar/rtv

Affected ranges

Type: GIT
Repo: https://github.com/michael-lazar/rtv
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8af18e8a14a7ad0889f4f3ec67fd8d835231ee45

Affected versions

v1.*

v1.0

v1.0a2

v1.0a3

v1.0a4

v1.0a5

v1.0a6

v1.0a7

v1.0a9

v1.1

v1.1.1

v1.10.0

v1.11.0

v1.12.0

v1.12.1

v1.13.0

v1.14.1

v1.15.0

v1.15.1

v1.16.0

v1.17.0

v1.17.1

v1.18.0

v1.19.0

v1.2

v1.2.1

v1.2.2

v1.3

v1.4

v1.4.1

v1.4.2

v1.5

v1.6

v1.6.1

v1.7.0

v1.8.0

v1.8.1

v1.9.0

v1.9.1