Python 'Lib/webbrowser.py' Remote Command Execution Vulnerability(CVE-2017-17522)

基本字段

漏洞编号:
SSV-96998
披露/发现时间:
2017-12-14
提交时间:
2017-12-19
漏洞等级:
漏洞类别:
命令执行
影响组件:
Python
漏洞作者:
未知
提交者:
Knownsec
CVE-ID:
CVE-2017-17522
CNNVD-ID:
补充
CNVD-ID:
补充
ZoomEye Dork:
补充

来源

漏洞详情

贡献者 共获得  0KB

Description

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Vulnerable:

  • Python Software Foundation Python 3.6.3
  • Python Software Foundation Python 3.5.2
  • Python Software Foundation Python 3.5
  • Python Software Foundation Python 3.4.5
  • Python Software Foundation Python 3.4.3
  • Python Software Foundation Python 3.4.2
  • Python Software Foundation Python 3.4.1
  • Python Software Foundation Python 3.3.3
  • Python Software Foundation Python 3.3
  • Python Software Foundation Python 3.2.3
  • Python Software Foundation Python 3.2.2
  • Python Software Foundation Python 3.1.1
  • Python Software Foundation Python 3.0.1
  • Python Software Foundation Python 2.7.12
  • Python Software Foundation Python 2.7.10
  • Python Software Foundation Python 2.7.9
  • Python Software Foundation Python 2.7.8
  • Python Software Foundation Python 2.7.7
  • Python Software Foundation Python 2.7.6
  • Python Software Foundation Python 2.7.3
  • Python Software Foundation Python 2.7.2
  • Python Software Foundation Python 2.7
  • Python Software Foundation Python 2.6.5
  • Python Software Foundation Python 2.6.2
  • Python Software Foundation Python 2.5.6
  • Python Software Foundation Python 2.5.5
  • Python Software Foundation Python 2.5.3
  • Python Software Foundation Python 3.7.0
  • Python Software Foundation Python 3.6
  • Python Software Foundation Python 3.5
  • Python Software Foundation Python 3.4.0
  • Python Software Foundation Python 3.4
  • Python Software Foundation Python 3.3.4
  • Python Software Foundation Python 3.3.2
  • Python Software Foundation Python 3.3.1
  • Python Software Foundation Python 3.3
  • Python Software Foundation Python 3.2.6
  • Python Software Foundation Python 3.2.5
  • Python Software Foundation Python 3.2.4
  • Python Software Foundation Python 3.2.1
  • Python Software Foundation Python 3.2.0
  • Python Software Foundation Python 3.2
  • Python Software Foundation Python 3.1.5
  • Python Software Foundation Python 3.1.4
  • Python Software Foundation Python 3.1.3
  • Python Software Foundation Python 3.1.2
  • Python Software Foundation Python 3.1
  • Python Software Foundation Python 2.7.5
  • Python Software Foundation Python 2.7.4
  • Python Software Foundation Python 2.7.1
  • Python Software Foundation Python 2.7
  • Python Software Foundation Python 2.6.8
  • Python Software Foundation Python 2.6.7
  • Python Software Foundation Python 2.6.6
  • Python Software Foundation Python 2.6.3
  • Python Software Foundation Python 2.6
共 0  兑换了

PoC

暂无 PoC

参考链接

解决方案

临时解决方案

暂无临时解决方案

官方解决方案

暂无官方解决方案

防护方案

暂无防护方案

人气 1441
评论前需绑定手机 现在绑定

暂无评论

※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负