CVE-2022-45062 – Gentoo Linux Security Advisory 202305-05

https://notcve.org/view.php?id=CVE-2022-45062

09 Nov 2022 — In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. En Xfce xfce4-settings anterior a 4.16.4 y 4.17.x anterior a 4.17.1, existe una vulnerabilidad de inyección de argumentos en xfce4-mime-helper. Robin Peraglie and Johannes Moritz discovered an argument injection bug in the xfce4-mime-helper component of xfce4-settings, which can be exploited using the xdg-open common tool. Since xdg-open is used by multiple standard applications ... • https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •