{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-32563", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2023-01-05T00:00:00", "dateReserved": "2021-05-11T00:00:00", "datePublished": "2021-05-11T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-01-05T00:00:00"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b"}, {"url": "https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664"}, {"url": "https://www.openwall.com/lists/oss-security/2021/05/09/2"}, {"url": "https://gitlab.xfce.org/xfce/thunar/-/tags"}, {"name": "[oss-security] 20210511 Re: Code execution through Thunar", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/3"}, {"url": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d"}, {"name": "[oss-security] 20230104 Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/01/05/1"}, {"name": "[oss-security] 20230105 Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2023/01/05/2"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xfce:thunar:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFE279F7-C6F4-4D5D-98A0-6786253DFE3C", "versionEndExcluding": "4.16.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfce:thunar:*:*:*:*:*:*:*:*", "matchCriteriaId": "3C50E9C4-30D6-465A-AD74-07074B15B861", "versionEndExcluding": "4.17.2", "versionStartIncluding": "4.17.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Thunar versiones anteriores a 4.16.7 y versiones 4.17.x anteriores a 4.17.2. Cuando es llamado con un archivo normal como argumento de l\u00ednea de comandos, es delegado en un programa diferente (seg\u00fan el tipo de archivo) sin la confirmaci\u00f3n del usuario. Esto podr\u00eda ser usado para lograr una ejecuci\u00f3n de c\u00f3digo"}], "id": "CVE-2021-32563", "lastModified": "2023-02-28T19:00:53.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-11T05:15:07.217", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/11/3"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/01/05/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/01/05/2"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://gitlab.xfce.org/xfce/thunar/-/tags"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/05/09/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-913"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}