GHSA-336h-q7mh-8vf8

Source

https://github.com/advisories/GHSA-336h-q7mh-8vf8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-336h-q7mh-8vf8/GHSA-336h-q7mh-8vf8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-336h-q7mh-8vf8

Aliases

CVE-2017-17516

Published

2022-05-14T04:01:38Z

Modified

2024-04-22T23:12:43.911163Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Reddit Terminal Viewer (RTV) vulnerable to argument injection attacks

Details

scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Database specific

{
    "nvd_published_at": "2017-12-14T16:29:00Z",
    "cwe_ids": [
        "CWE-74"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-22T22:43:59Z"
}

References

Affected packages

PyPI / rtv

Package

Name: rtv; View open source insights on deps.dev
Purl: pkg:pypi/rtv

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.19.0

Affected versions

1.*

1.0a2

1.0a3

1.0a4

1.0a5

1.0a6

1.0a7

1.0a8

1.0a9

1.0

1.0.post1

1.1

1.1.1

1.1.2

1.2

1.2.1

1.2.2

1.3

1.4

1.4.1

1.4.2

1.5

1.6

1.6.1

1.7.0

1.8.0

1.8.1

1.9.0

1.9.1

1.10.0

1.11.0

1.12.0

1.12.1

1.13.0

1.13.1

1.14.1

1.15.0

1.15.1

1.16.0

1.17.0

1.17.1

1.18.0

1.19.0