Some vulnerabilities have been reported in Xdg-utils, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused by the "xdg-open" and "xdg-email" scripts not correctly sanitising parameters before using them in a sed call. This can be exploited to inject and execute shell commands if e.g. a malicious URL is passed to the affected scripts.
Successful exploitation requires that the scripts are not used in a KDE, Gnome, or XFCE session.
The vulnerabilities are reported in version 1.0.2. Other versions may also be affected.
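A caller-side mitigation for the flaw described above, as an added example that is not part of the advisory or of xdg-utils: an allowlist check applied to an untrusted URL before it is handed to the opener. The function names, the `OPENER` variable, the scheme list and the permitted character set are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not xdg-utils code): validate an untrusted URL before it
# reaches xdg-open / xdg-email on a version affected by this advisory.

# is_safe_url URL
# Status 0 if URL has an allowed scheme and consists only of allowlisted
# characters, 1 otherwise. The body is a subshell so that LC_ALL=C (which
# keeps the A-Z / a-z ranges ASCII-only) does not leak into the caller;
# "exit" therefore ends only the subshell and sets the function's status.
is_safe_url() (
    LC_ALL=C
    # Scheme allowlist (assumption: trim or extend to what the caller needs).
    case $1 in
        http://*|https://*|ftp://*|mailto:*) ;;
        *) exit 1 ;;
    esac
    # Reject any character outside a conservative subset of URL characters.
    # Deliberately excluded: quotes, backtick, $, ;, |, <, >, (, ), #,
    # whitespace, newlines, and the sed replacement specials & and \.
    # This also rejects fragments and multi-parameter query strings;
    # callers that need them should percent-encode first.
    case $1 in
        *[!A-Za-z0-9._~:/?@%+,=-]*) exit 1 ;;
    esac
    exit 0
)

# safe_open URL
# Passes URL to the opener only when it survives the check above.
# OPENER is a hypothetical override used here so the wrapper can be tested
# without xdg-utils installed; it defaults to xdg-open.
safe_open() {
    if is_safe_url "$1"; then
        "${OPENER:-xdg-open}" "$1"
    else
        printf 'refusing to pass unsafe URL to opener\n' >&2
        return 1
    fi
}
```

Rejecting rather than escaping is intentional: the caller cannot know how the affected script will re-interpret the value, so only input that needs no escaping is passed through.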