Lucene search
PRIOn knowledge basePRION:CVE-2021-41146HistoryOct 21, 2021 - 6:15 p.m.
Code injection
2021-10-2118:15:00
PRIOn knowledge base
www.prio-n.com
3
qutebrowser is an open source keyboard-focused browser with a minimal GUI. Starting with qutebrowser v1.7.0, the Windows installer for qutebrowser registers a qutebrowserurl: URL handler. With certain applications, opening a specially crafted qutebrowserurl:... URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as :spawn or :debug-pyeval. Only Windows installs where qutebrowser is registered as URL handler are affected. The issue has been fixed in qutebrowser v2.4.0. The fix also adds additional hardening for potential similar issues on Linux (by adding the new --untrusted-args flag to the .desktop file), though no such vulnerabilities are known.
| CPE | Name | Operator | Version |
|---|---|---|---|
| qutebrowser | ge | 2.0.0 | |
| qutebrowser | lt | 2.4.0 | |
| qutebrowser | le | 1.7.0 |
Related
osv
osv
Arbitrary command execution on Windows via qutebrowserurl: URL handler
2021-10-22 16:20:10
PYSEC-2021-382
2021-10-21 18:15:00
CVE-2021-41146
2021-10-21 18:15:10
github
github
Arbitrary command execution on Windows via qutebrowserurl: URL handler
2021-10-22 16:20:10
veracode
veracode
Arbitrary Command Execution
2021-10-22 05:30:53
ubuntucve
ubuntucve
CVE-2021-41146
2021-10-21 00:00:00
cnvd
cnvd
qutebrowser has an unspecified vulnerability (CNVD-2021-100609)
2021-10-25 00:00:00
cvelist
cvelist
CVE-2021-41146 Arbitrary command execution on Windows in qutebrowser
2021-10-21 17:35:10
debiancve
debiancve
CVE-2021-41146
2021-10-21 18:15:10
cve
cve
CVE-2021-41146
2021-10-21 18:15:10
alpinelinux
alpinelinux
CVE-2021-41146
2021-10-21 18:15:00
nvd
nvd
CVE-2021-41146
2021-10-21 18:15:10