Lucene search
GoogleOSV:CVE-2021-41146HistoryOct 21, 2021 - 6:15 p.m.
CVE-2021-41146
2021-10-2118:15:10
Google
osv.dev
3
qutebrowser
url handler
arbitrary code execution
windows
linux
vulnerability
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a qutebrowserurl: URL handler. With certain applications, opening a specially crafted qutebrowserurl:... URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as :spawn or :debug-pyeval. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known.
Related
github
github
Arbitrary command execution on Windows via qutebrowserurl: URL handler
2021-10-22 16:20:10
osv
osv
Arbitrary command execution on Windows via qutebrowserurl: URL handler
2021-10-22 16:20:10
PYSEC-2021-382
2021-10-21 18:15:00
debiancve
debiancve
CVE-2021-41146
2021-10-21 18:15:10
prion
prion
Code injection
2021-10-21 18:15:00
cvelist
cvelist
CVE-2021-41146 Arbitrary command execution on Windows in qutebrowser
2021-10-21 17:35:10
cve
cve
CVE-2021-41146
2021-10-21 18:15:10
alpinelinux
alpinelinux
CVE-2021-41146
2021-10-21 18:15:00
nvd
nvd
CVE-2021-41146
2021-10-21 18:15:10
veracode
veracode
Arbitrary Command Execution
2021-10-22 05:30:53
cnvd
cnvd
qutebrowser has an unspecified vulnerability (CNVD-2021-100609)
2021-10-25 00:00:00
ubuntucve
ubuntucve
CVE-2021-41146
2021-10-21 00:00:00