Homepage
About Snyk

Detection of Error Condition Without Action Affecting qutebrowser package, versions [,1.11.1)

Severity

 Recommended
0.0
low
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    EPSS
    0.09% (39th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-QUTEBROWSER-568683
  • published 7 May 2020
  • disclosed 7 May 2020
  • credit Unknown
Report a new vulnerability Found a mistake?

Introduced: 7 May 2020

CVE-2020-11054 Open this link in a new tab
CWE-390 Open this link in a new tab

How to fix?

Upgrade qutebrowser to version 1.11.1 or higher.

Overview

qutebrowser is a keyboard-driven, vim-like browser based on PyQt5.

Affected versions of this package are vulnerable to Detection of Error Condition Without Action. Eeloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website is subsequently loaded again, the URL is mistakenly displayed as green (colors.statusbar.url.success_https).

CVSS Scores

version 3.1
Expand this section

Snyk

3.1 low
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    High
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    Required
  • Scope (S)
    Unchanged
  • Confidentiality (C)
    Low
  • Integrity (I)
    None
  • Availability (A)
    None
Expand this section

NVD

3.5 low