QwikSec

Security Database

CVE

CWE

Training

CVE-2021-32563

Published: May 11, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b

https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664

https://www.openwall.com/lists/oss-security/2021/05/09/2

https://gitlab.xfce.org/xfce/thunar/-/tags

[oss-security] 20210511 Re: Code execution through Thunar

mailing-list

https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d

[oss-security] 20230104 Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations

mailing-list

[oss-security] 20230105 Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.