CVE-2017-17532

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-17532
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-17532.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-17532
Published
2017-12-14T16:29:01Z
Modified
2024-07-07T18:00:15.806936Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

References

Affected packages

Debian:12 / kiwi

Package

Name
kiwi
Purl
pkg:deb/debian/kiwi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.24.56-1
9.25.5-1
9.25.11-1
9.25.12-1
9.25.13-1
9.25.14-1
9.25.17-1
9.25.18-1
9.25.19-1
9.25.20-1
9.25.21-1
9.25.22-1

Ecosystem specific

{
    "urgency": "unimportant"
}