Published: 13/01/2023 Updated: 23/01/2023

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 0

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows malicious users to access arbitrary files via supplying a crafted URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
webbrowser project webbrowser

CVE 2022-45299

CVE-2022-45299 #Affected Library : webbrowserrs before version 083 githubcom/amodm/webbrowser-rs #Summary: The library fails to validate that the provided input is actually an URL An attacker in control of an unfiltered URL passed to webbrowser::open(URL) can, therefore, provide a local file path that will be opened in the default explorer or pass one argument to t

CVE 2022-45299

CVE-2022-45299 #Affected Library : webbrowserrs before version 083 githubcom/amodm/webbrowser-rs #Summary: The library fails to validate that the provided input is actually an URL An attacker in control of an unfiltered URL passed to webbrowser::open(URL) can, therefore, provide a local file path that will be opened in the default explorer or pass one argument to t

CWE-22 https://github.com/offalltn/CVE-2022-45299 https://nvd.nist.gov https://github.com/offalltn/CVE-2022-45299

CVE-2022-45299

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect