CVE-2017-17519

Name of the Vulnerable Software and Affected Versions OCaml Batteries Included (aka ocaml-batteries) version 2.6

Description The issue concerns the batteriesConfig.mlp in OCaml Batteries Included, which fails to validate strings before launching the program specified by the BROWSER environment variable. This could allow remote attackers to conduct argument-injection attacks via a crafted URL.

Recommendations For OCaml Batteries Included version 2.6, consider validating strings before launching the program specified by the BROWSER environment variable to prevent argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable until a proper fix is applied.