[New-bugs-announce] [issue32367] CVE-2017-17522: webbrowser.py in Python does not validate strings
STINNER Victor
report at bugs.python.org
Mon Dec 18 11:29:03 EST 2017
New submission from STINNER Victor <victor.stinner at gmail.com>:
https://security-tracker.debian.org/tracker/CVE-2017-17522
Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
----------
components: Library (Lib)
messages: 308572
nosy: vstinner
priority: normal
severity: normal
status: open
title: CVE-2017-17522: webbrowser.py in Python does not validate strings
type: security
versions: Python 2.7, Python 3.4, Python 3.5, Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue32367>
_______________________________________
More information about the New-bugs-announce
mailing list