CVE-2017-17531

Name of the Vulnerable Software and Affected Versions GNU GLOBAL version 4.8.6

Description The issue arises from the failure to validate strings before launching a program specified by the BROWSER environment variable, potentially allowing remote attackers to conduct argument-injection attacks via a crafted URL. This could be exploited by manipulating the URL to inject arguments into the program launched by the BROWSER variable.

Recommendations For GNU GLOBAL version 4.8.6, consider validating strings before launching the program specified by the BROWSER environment variable to prevent argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable to trusted programs and URLs until a patch is available.