Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
Max CVSS
6.8
EPSS Score
1.03%
Published
2015-01-21
Updated
2017-07-01
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
Max CVSS
6.8
EPSS Score
3.67%
Published
2008-02-04
Updated
2024-01-09
2 vulnerabilities found