« List of all CVEs

CVE-2017-17524

Published: 12/14/2017 Last updated: 8/5/2024 Reserved: 12/11/2017

library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (1)

conf-swi-prolog

Products affected (1)

Product Vendor Version
n/a n/a 6.04 through 6.06

References (2)