Freedesktop.Org · Xdg-Utils · CVE-2014-9622
**Name of the Vulnerable Software and Affected Versions**
xdg-utils version 1.1.0 RC1
**Description**
The xdg-utils package does not sanitize its input, which allows remote attackers to execute arbitrary code in the context of the application through command injection in a URL. This can occur when no supported desktop environment is identified.
**Recommendations**
For xdg-utils version 1.1.0 RC1, consider restricting use of the xdg-open command with untrusted URL arguments until a patch is available. As a temporary workaround, do not pass potentially malicious URLs to xdg-open. At present, there is no information about a newer version that contains a fix for this vulnerability.
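
One way to apply the restriction above, as an added example that is not part of this advisory or of xdg-utils: a POSIX shell wrapper that hands a URL to xdg-open only if it is an http/https link built from a narrow character allowlist. The function names `is_safe_url` and `open_untrusted_url` and the exact allowlist are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not xdg-utils code): gate untrusted URLs before xdg-open.

# is_safe_url URL -> status 0 if the URL passes the allowlist, 1 otherwise.
# The body runs in a subshell so the LC_ALL change stays local.
is_safe_url() (
    LC_ALL=C    # make A-Z / a-z / 0-9 plain ASCII ranges
    url=$1

    # Scheme allowlist: web links only, and the host must start with an
    # alphanumeric. This also rules out option-like arguments ("-x").
    case $url in
        http://[A-Za-z0-9]*|https://[A-Za-z0-9]*) ;;
        *) return 1 ;;
    esac

    # Character allowlist: reject the URL if ANY character falls outside
    # this set. Spaces, quotes, backticks, '$', ';', '|', '&', '<', '>',
    # parentheses, backslashes and newlines are therefore all refused.
    # The set is deliberately narrow; '&' is excluded as well.
    case $url in
        *[!A-Za-z0-9._~:/?#@%+=,-]*) return 1 ;;
    esac

    return 0
)

# open_untrusted_url URL -> calls xdg-open only for URLs that pass the check.
open_untrusted_url() {
    if is_safe_url "$1"; then
        # Always quote the argument so the calling shell does not re-split it.
        xdg-open "$1"
    else
        printf 'refusing to pass untrusted URL to xdg-open\n' >&2
        return 1
    fi
}
```

The check reduces what can reach xdg-open from untrusted input; it is a workaround in the sense of the recommendation above, not a patch for xdg-utils itself.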