PT-2017-14829 · White Dune

Published: 2017-12-14 · Updated: 2024-08-05 · CVE-2017-17518

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

White dune version 0.30.10

Description

The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable in the swt/motif/browser.c file. This could potentially allow remote attackers to conduct argument-injection attacks via a crafted URL. However, it is noted that the current version of White dune does not use the BROWSER environment variable; instead, it reads the browser variable from the $HOME/.dunerc file or the Windows registry, and this setting is configurable in the options menu.

Recommendations

For White dune version 0.30.10, consider disabling the use of the BROWSER environment variable as a temporary workaround until a patch is available. Restrict access to the browser variable read from the $HOME/.dunerc file or the Windows registry to minimize the risk of exploitation. Avoid using the BROWSER environment variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
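
An added example (not White Dune's code and not taken from swt/motif/browser.c): one way to validate a URL before handing it to a configured browser program, passing it as a single argv element instead of building a command string. The function names, the scheme allow-list and the rejected character set are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if url may be passed to an external browser as one argument.
 * Assumed policy: allow-listed scheme prefix (which also rules out a leading
 * '-'), printable ASCII only, no whitespace, no shell metacharacters. */
int url_is_safe(const char *url)
{
    static const char *schemes[] = { "http://", "https://", "file://" };
    size_t i;
    int scheme_ok = 0;

    if (url == NULL || url[0] == '\0')
        return 0;
    for (i = 0; i < sizeof schemes / sizeof schemes[0]; i++)
        if (strncmp(url, schemes[i], strlen(schemes[i])) == 0)
            scheme_ok = 1;
    if (!scheme_ok)
        return 0;
    for (i = 0; url[i] != '\0'; i++) {
        unsigned char c = (unsigned char)url[i];
        if (!isgraph(c) || strchr("\"'`$;|&<>\\", c) != NULL)
            return 0;
    }
    return 1;
}

/* Fills argv for execvp(): browser and URL stay separate elements, so the
 * URL is never re-split into options. Returns 0 on success, -1 on reject. */
int build_browser_argv(const char *browser, const char *url, const char *argv[3])
{
    if (browser == NULL || browser[0] == '\0' || !url_is_safe(url))
        return -1;
    argv[0] = browser;
    argv[1] = url;
    argv[2] = NULL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not values from the advisory. */
    const char *samples[] = { "https://example.org/scene.wrl",
                              "https://example.org/a b", "-flag" };
    for (size_t i = 0; i < 3; i++)
        printf("%-32s -> %s\n", samples[i],
               url_is_safe(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A caller would pass the filled array to `execvp(argv[0], (char *const *)argv)` in a child process rather than concatenating the browser setting and the URL into a string for `system()`.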

Weakness Enumeration

Special Elements Injection

Related Identifiers

CVE-2017-17518

Affected Products

Debian
White Dune