{"id":"CVE-2017-18266","details":"The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by %s in this environment variable.","modified":"2026-04-16T06:21:11.650992223Z","published":"2018-05-10T14:29:00.207Z","related":["SUSE-SU-2018:1497-1","openSUSE-SU-2024:11518-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3650-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2018/dsa-4211"},{"type":"ADVISORY","url":"https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=5647afb35e4bcba2060148e1a2a47bc43cc240f2"},{"type":"ADVISORY","url":"https://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/05/msg00014.html"},{"type":"FIX","url":"https://bugs.freedesktop.org/show_bug.cgi?id=103807"},{"type":"FIX","url":"https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/xdg/xdg-utils","events":[{"introduced":"0"},{"fixed":"159fc37075db2decf446f453fe1a796da6921aad"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.3"}]}}],"versions":["start","tmp","v1.0","v1.0-beta1","v1.0-beta3","v1.0-beta4","v1.0-rc1","v1.0.1","v1.0.2","v1.1.0","v1.1.0-rc1","v1.1.0-rc2","v1.1.0-rc3","v1.1.1","v1.1.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18266.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}