Vulnerability	Vulnerable Version
H Arbitrary Code Execution qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Arbitrary Code Execution. The Windows installer for qutebrowser registers a `qutebrowserurl:` URL handler. With certain applications, opening a specially crafted `qutebrowserurl:...` URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as `:spawn` or `:debug-pyeval`. Only Windows installs where qutebrowser is registered as URL handler are affected. How to fix Arbitrary Code Execution? Upgrade `qutebrowser` to version 2.4.0 or higher.	[1.7.0,2.4.0)
L Detection of Error Condition Without Action qutebrowser is a keyboard-driven, vim-like browser based on PyQt5. Affected versions of this package are vulnerable to Detection of Error Condition Without Action. Eeloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (`colors.statusbar.url.warn.fg`). However, when the affected website is subsequently loaded again, the URL is mistakenly displayed as green (`colors.statusbar.url.success_https`). How to fix Detection of Error Condition Without Action? Upgrade `qutebrowser` to version 1.11.1 or higher.	[,1.11.1)

Arbitrary Code Execution

qutebrowser is a keyboard-driven, vim-like browser based on PyQt5.

Affected versions of this package are vulnerable to Arbitrary Code Execution. The Windows installer for qutebrowser registers a qutebrowserurl: URL handler. With certain applications, opening a specially crafted qutebrowserurl:... URL can lead to execution of qutebrowser commands, which in turn allows arbitrary code execution via commands such as :spawn or :debug-pyeval.

Only Windows installs where qutebrowser is registered as URL handler are affected.

How to fix Arbitrary Code Execution?

Upgrade qutebrowser to version 2.4.0 or higher.

[1.7.0,2.4.0)

Detection of Error Condition Without Action

qutebrowser is a keyboard-driven, vim-like browser based on PyQt5.

Affected versions of this package are vulnerable to Detection of Error Condition Without Action. Eeloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website is subsequently loaded again, the URL is mistakenly displayed as green (colors.statusbar.url.success_https).

How to fix Detection of Error Condition Without Action?

Upgrade qutebrowser to version 1.11.1 or higher.

[,1.11.1)

Go back to all versions of this package