CVE-2022-32278HIGHCVSS 8.8fixed in exo 4.16.4-1 (bookworm)2022
CVE-2022-32278 [HIGH] CVE-2022-32278: exo - XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execut...
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
Scope: local
bookworm: resolved (fixed in 4.16.4-1)
bullseye: resolved (fixed in 4.16.0-1+deb11u1)
forky: resolved (fixed in 4.16.4-1)
sid: resolved (fixed in 4.16.4-1)
trixie: resolved (fixed in 4.16.4-1)
debian