CVE-2010-2809
Severity CVSS v4.0:
Pending analysis
Type:
CWE-94
Code Injection
Publication date:
19/08/2010
Last modified:
11/04/2025
Description
The default configuration of the binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Impact
Base Score 2.0
6.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:uzbl:uzbl:*:*:*:*:*:*:*:* | 2010.04.03 (including) | |
| cpe:2.3:a:uzbl:uzbl:2009.12.22:*:*:*:*:*:*:* | | |
| cpe:2.3:a:uzbl:uzbl:2010.01.04:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975
- http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2
- http://marc.info/?l=oss-security&m=128111493509265&w=2
- http://marc.info/?l=oss-security&m=128111994317381&w=2
- http://www.securityfocus.com/bid/42297
- http://www.uzbl.org/bugs/index.php?do=details&task_id=240
- http://www.uzbl.org/news.php?id=29
- https://bugzilla.redhat.com/show_bug.cgi?id=621964
- https://bugzilla.redhat.com/show_bug.cgi?id=621965
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61011



