← back
CVE-2017-17514

CVE-2017-17514

CVSS 8.8 HIGHEPSS 1.7%CWE-74
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.8EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
14 Dec 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/jcupitt/nip2/issues/70https://security-tracker.debian.org/tracker/CVE-2017-17514