CVE-2017-17532

Severity CVSS v4.0:
Pending analysis
Type:
CWE-74 Injection
Publication date:
14/12/2017
Last modified:
20/04/2025

Description

examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:kiwi_project:kiwi:1.9.22:*:*:*:*:*:*:*