Detection of Error Condition Without Action Affecting qutebrowser package, versions [,1.11.1)


Severity

0.0
low
0
10

    Threat Intelligence

    EPSS
    0.09% (38th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-QUTEBROWSER-568683
  • published 7 May 2020
  • disclosed 7 May 2020
  • credit Unknown

How to fix?

Upgrade qutebrowser to version 1.11.1 or higher.

Overview

qutebrowser is a keyboard-driven, vim-like browser based on PyQt5.

Affected versions of this package are vulnerable to Detection of Error Condition Without Action. Eeloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website is subsequently loaded again, the URL is mistakenly displayed as green (colors.statusbar.url.success_https).

CVSS Scores

version 3.1
Expand this section

Snyk

3.1 low
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

3.5 low