CVE-2017-17535

Name of the Vulnerable Software and Affected Versions gjots2 version 2.4.1

Description The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable. This could potentially allow remote attackers to conduct argument-injection attacks via a crafted URL.

Recommendations For version 2.4.1, consider validating strings before launching the program specified by the BROWSER environment variable to prevent argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable until a patch is available.