{"containers": {"cna": {"affected": [{"product": "qutebrowser", "vendor": "qutebrowser", "versions": [{"status": "affected", "version": ">= 1.7.0, < 2.4.0"}]}], "descriptions": [{"lang": "en", "value": "qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-77", "description": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-641", "description": "CWE-641: Improper Restriction of Names for Files and Other Resources", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-21T17:35:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430"}], "source": {"advisory": "GHSA-vw27-fwjf-5qxm", "discovery": "UNKNOWN"}, "title": "Arbitrary command execution on Windows in qutebrowser", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41146", "STATE": "PUBLIC", "TITLE": "Arbitrary command execution on Windows in qutebrowser"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "qutebrowser", "version": {"version_data": [{"version_value": ">= 1.7.0, < 2.4.0"}]}}]}, "vendor_name": "qutebrowser"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}, {"description": [{"lang": "eng", "value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}, {"description": [{"lang": "eng", "value": "CWE-641: Improper Restriction of Names for Files and Other Resources"}]}]}, "references": {"reference_data": [{"name": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm", "refsource": "CONFIRM", "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm"}, {"name": "https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430", "refsource": "MISC", "url": "https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430"}]}, "source": {"advisory": "GHSA-vw27-fwjf-5qxm", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:59:31.423Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41146", "datePublished": "2021-10-21T17:35:10", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.423Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qutebrowser:qutebrowser:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A51F2F8-D1B6-4749-87C5-6745A246B3FE", "versionEndIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qutebrowser:qutebrowser:*:*:*:*:*:*:*:*", "matchCriteriaId": "F643B197-DBB9-48A2-AD9B-CF2639EDD35A", "versionEndExcluding": "2.4.0", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known."}, {"lang": "es", "value": "qutebrowser es un navegador de c\u00f3digo abierto centrado en el teclado con una Interfaz de Usuario Gr\u00e1fica m\u00ednima. A partir de qutebrowser versi\u00f3n v1.7.0, el instalador de Windows para qutebrowser registra un manejador de URL \"qutebrowserurl:\". Con determinadas aplicaciones, la apertura de una URL \"qutebrowserurl:...\" especialmente dise\u00f1ada puede conllevar a una ejecuci\u00f3n de comandos de qutebrowser, lo que a su vez permite una ejecuci\u00f3n de c\u00f3digo arbitrario por medio de comandos como \":spawn\" o \":debug-pyeval\". S\u00f3lo est\u00e1n afectadas las instalaciones de Windows en las que qutebrowser est\u00e1 registrado como manejador de URL. El problema ha sido corregido en qutebrowser versi\u00f3n v2.4.0. La correcci\u00f3n tambi\u00e9n a\u00f1ade un refuerzo adicional para posibles problemas similares en Linux (al a\u00f1adir la nueva flag --untrusted-args al archivo .desktop), aunque no se conoce ninguna vulnerabilidad de este tipo"}], "id": "CVE-2021-41146", "lastModified": "2022-10-24T18:43:15.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Primary"}]}, "published": "2021-10-21T18:15:10.303", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/qutebrowser/qutebrowser/commit/8f46ba3f6dc7b18375f7aa63c48a1fe461190430"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-vw27-fwjf-5qxm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-641"}, {"lang": "en", "value": "CWE-77"}, {"lang": "en", "value": "CWE-88"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}