CVE-2017-17516

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-17516
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-17516.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-17516
Aliases
Related
Published
2017-12-14T16:29:00Z
Modified
2025-07-01T03:56:50.545745Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

References

Affected packages

Debian:11 / rtv

Package

Name
rtv
Purl
pkg:deb/debian/rtv?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.27.0+dfsg-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Debian:12 / rtv

Package

Name
rtv
Purl
pkg:deb/debian/rtv?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.27.0+dfsg-2

Ecosystem specific 

{
    "urgency": "unimportant"
}

Git / github.com/michael-lazar/rtv

Affected ranges

Type
GIT
Repo
https://github.com/michael-lazar/rtv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8af18e8a14a7ad0889f4f3ec67fd8d835231ee45

Affected versions

v1.*

v1.0
v1.0a2
v1.0a3
v1.0a4
v1.0a5
v1.0a6
v1.0a7
v1.0a9
v1.1
v1.1.1
v1.10.0
v1.11.0
v1.12.0
v1.12.1
v1.13.0
v1.14.1
v1.15.0
v1.15.1
v1.16.0
v1.17.0
v1.17.1
v1.18.0
v1.19.0
v1.2
v1.2.1
v1.2.2
v1.3
v1.4
v1.4.1
v1.4.2
v1.5
v1.6
v1.6.1
v1.7.0
v1.8.0
v1.8.1
v1.9.0
v1.9.1