Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=66670
Upstream patches: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=11a4bd44692f74a8b8b4615e44dc897c929ef1e5 https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ab071beaabb62ceda3028dd5efa85e8057c29006
Statement: This issue affects the versions of xdg-utils as shipped with Red Hat Enterprise Linux 7. Red Hat Product Security has rated this issue as having a security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.