PT-2017-14830 · Ocaml+1 · Ocaml Batteries Included+1

Published

2017-12-14

Updated

2017-12-29

CVE-2017-17519

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OCaml Batteries Included (aka ocaml-batteries) version 2.6

Description The issue concerns the batteriesConfig.mlp in OCaml Batteries Included, which fails to validate strings before launching the program specified by the BROWSER environment variable. This could allow remote attackers to conduct argument-injection attacks via a crafted URL.

Recommendations For OCaml Batteries Included version 2.6, consider validating strings before launching the program specified by the BROWSER environment variable to prevent argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable until a proper fix is applied.

Fix

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74

Related Identifiers

CVE-2017-17519

Affected Products

Debian

Ocaml Batteries Included

PT-2017-14830 · Ocaml+1 · Ocaml Batteries Included+1

CVE-2017-17519

Weakness Enumeration

Related Identifiers

Affected Products

References · 8