Xdg Utils
Monthly
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.