CVE-2017-17516

Name of the Vulnerable Software and Affected Versions Reddit Terminal Viewer (RTV) version 1.19.0

Description The issue concerns the scripts/inspect webbrowser.py script in RTV, which fails to validate strings before launching the program specified by the BROWSER environment variable. This could potentially allow remote attackers to conduct argument-injection attacks via a crafted URL.

Recommendations For RTV version 1.19.0, consider validating the strings passed to the BROWSER environment variable to prevent argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable until a patch is available.