Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2021-32563

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.

  • Published: May 11, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-32563
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9.8
  • AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

Software From Fixed in
xfce / thunar - 4.16.7
xfce / thunar 4.17.0 4.17.2