RCE in Gentoo xdg-utils

CVE-2014-9622

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.033 (86.7th percentile)
