scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.
{ "nvd_published_at": "2017-12-14T16:29:00Z", "cwe_ids": [ "CWE-74" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-04-22T22:43:59Z" }