CVE-2022-4055

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach files when clicked.
References
Link Resource
https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/205#note_1494267 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:freedesktop:xdg-utils:*:*:*:*:*:*:*:*

History

26 Nov 2022, 03:18

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-19 00:15

Updated : 2024-02-04 23:14


NVD link : CVE-2022-4055

Mitre link : CVE-2022-4055

CVE.ORG link : CVE-2022-4055


JSON object : View

Products Affected

freedesktop

  • xdg-utils
CWE
CWE-146

Improper Neutralization of Expression/Command Delimiters