Security Vulnerabilities Report

[github-actions]

New security vulnerabilities found. See the details below.

[github-actions]

Directory: ./rte/dotnet3

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
Microsoft.AspNetCore.App.Runtime.linux-x64	CVE-2024-21386	CRITICAL	fixed	3.1.32	6.0.27, 7.0.16, 8.0.2	dotnet: Denial of Service in SignalR server
Microsoft.AspNetCore.App.Runtime.linux-x64	CVE-2023-33170	HIGH	fixed	3.1.32	6.0.20, 7.0.9	dotnet: race condition in Core SignInManager PasswordSignInAsync method

[github-actions]

Directory: ./sdk/dotnet7

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
System.Text.Json	CVE-2024-30105	HIGH	fixed	7.0.4	8.0.4	dotnet: DoS in System.Text.Json
System.Text.Json	CVE-2024-30105	HIGH	fixed	7.0.4	8.0.4	dotnet: DoS in System.Text.Json

[github-actions]

Directory: ./sdk/dotnet3

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
NuGet.Commands	CVE-2022-41032	HIGH	fixed	5.7.3-rtm.5	4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1	dotnet: Nuget cache poisoning on Linux via world-writable cache directory
NuGet.Commands	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
NuGet.Common	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	5.7.3-rtm.5	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure
NuGet.Protocol	CVE-2022-41032	HIGH	fixed	5.7.3-rtm.5	4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1	dotnet: Nuget cache poisoning on Linux via world-writable cache directory
NuGet.Protocol	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
System.Drawing.Common	CVE-2021-24112	CRITICAL	fixed	4.7.0	4.7.2, 5.0.3	dotnet: Remote Code Execution Vulnerability
NuGet.Commands	CVE-2022-41032	HIGH	fixed	5.7.3-rtm.5	4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1	dotnet: Nuget cache poisoning on Linux via world-writable cache directory
NuGet.Commands	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
NuGet.Common	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	5.7.3-rtm.5	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure
NuGet.Protocol	CVE-2022-41032	HIGH	fixed	5.7.3-rtm.5	4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1	dotnet: Nuget cache poisoning on Linux via world-writable cache directory
NuGet.Protocol	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
System.Drawing.Common	CVE-2021-24112	CRITICAL	fixed	4.7.0	4.7.2, 5.0.3	dotnet: Remote Code Execution Vulnerability
Newtonsoft.Json	CVE-2024-21907	HIGH	fixed	9.0.1	13.0.1	Improper Handling of Exceptional Conditions in Newtonsoft.Json
NuGet.Commands	CVE-2022-41032	HIGH	fixed	5.7.3-rtm.5	4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1	dotnet: Nuget cache poisoning on Linux via world-writable cache directory
NuGet.Commands	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
NuGet.Common	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	5.7.3-rtm.5	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure
NuGet.Protocol	CVE-2022-41032	HIGH	fixed	5.7.3-rtm.5	4.9.6, 5.7.3, 5.9.3, 5.11.3, 6.0.3, 6.2.2, 6.3.1	dotnet: Nuget cache poisoning on Linux via world-writable cache directory
NuGet.Protocol	CVE-2023-29337	HIGH	fixed	5.7.3-rtm.5	6.0.5, 6.2.4, 6.3.3, 6.4.2, 6.5.1, 6.6.1, 5.11.5	dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
System.Drawing.Common	CVE-2021-24112	CRITICAL	fixed	4.7.0	4.7.2, 5.0.3	dotnet: Remote Code Execution Vulnerability
Newtonsoft.Json	CVE-2024-21907	HIGH	fixed	9.0.1	13.0.1	Improper Handling of Exceptional Conditions in Newtonsoft.Json
Newtonsoft.Json	CVE-2024-21907	HIGH	fixed	9.0.1	13.0.1	Improper Handling of Exceptional Conditions in Newtonsoft.Json
Microsoft.AspNetCore.App.Runtime.linux-x64	CVE-2024-21386	CRITICAL	fixed	3.1.32	6.0.27, 7.0.16, 8.0.2	dotnet: Denial of Service in SignalR server
Microsoft.AspNetCore.App.Runtime.linux-x64	CVE-2023-33170	HIGH	fixed	3.1.32	6.0.20, 7.0.9	dotnet: race condition in Core SignInManager PasswordSignInAsync method

[github-actions]

Directory: ./sdk/dotnet8

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	6.8.1-rc.32767	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	6.8.1-rc.32767	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	6.8.1-rc.32767	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure
NuGet.Packaging	CVE-2024-0057	CRITICAL	fixed	6.8.1-rc.32767	5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1	dotnet: X509 Certificates - Validation Bypass across Azure

[github-actions]

Directory: ./3rd-party/chrome

Library	Vulnerability	Severity	Status	Installed Version	Fixed Version	Title
coreutils	CVE-2016-2781	LOW	affected	8.32-4.1ubuntu1.2	N/A	coreutils: Non-privileged session can escape to the parent session in chroot
cpp	CVE-2020-13844	MEDIUM	affected	4:11.2.0-1ubuntu1	N/A	kernel: ARM straight-line speculation vulnerability
cpp-11	CVE-2021-3826	LOW	affected	11.4.0-1ubuntu1~22.04	N/A	libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
cpp-11	CVE-2021-46195	LOW	affected	11.4.0-1ubuntu1~22.04	N/A	gcc: uncontrolled recursion in libiberty/rust-demangle.c
cpp-11	CVE-2022-27943	LOW	affected	11.4.0-1ubuntu1~22.04	N/A	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
dbus	CVE-2023-34969	LOW	affected	1.12.20-2ubuntu4.1	N/A	dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
dbus-user-session	CVE-2023-34969	LOW	affected	1.12.20-2ubuntu4.1	N/A	dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
dirmngr	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gcc-11-base	CVE-2021-3826	LOW	affected	11.4.0-1ubuntu1~22.04	N/A	libiberty: Heap/stack buffer overflow in the dlang_lname function in d-demangle.c
gcc-11-base	CVE-2021-46195	LOW	affected	11.4.0-1ubuntu1~22.04	N/A	gcc: uncontrolled recursion in libiberty/rust-demangle.c
gcc-11-base	CVE-2022-27943	LOW	affected	11.4.0-1ubuntu1~22.04	N/A	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
gcc-12-base	CVE-2022-27943	LOW	affected	12.3.0-1ubuntu1~22.04	N/A	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
gnupg	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gnupg-l10n	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gnupg-utils	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpg	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpg-agent	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpg-wks-client	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpg-wks-server	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpgconf	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpgsm	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
gpgv	CVE-2022-3219	LOW	affected	2.2.27-3ubuntu2.1	N/A	gnupg: denial of service issue (resource consumption) using compressed packets
libapparmor1	CVE-2016-1585	MEDIUM	affected	3.0.4-2ubuntu2.3build2	N/A	In all versions of AppArmor mount rules are accidentally widened when ...
libc-bin	CVE-2016-20013	LOW	affected	2.35-0ubuntu3.8	N/A	null
libc6	CVE-2016-20013	LOW	affected	2.35-0ubuntu3.8	N/A	null
libcairo-gobject2	CVE-2017-7475	LOW	affected	1.16.0-5ubuntu2	N/A	cairo: NULL pointer dereference with a crafted font file
libcairo-gobject2	CVE-2018-18064	LOW	affected	1.16.0-5ubuntu2	N/A	cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document
libcairo-gobject2	CVE-2019-6461	LOW	affected	1.16.0-5ubuntu2	N/A	cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c
libcairo2	CVE-2017-7475	LOW	affected	1.16.0-5ubuntu2	N/A	cairo: NULL pointer dereference with a crafted font file
libcairo2	CVE-2018-18064	LOW	affected	1.16.0-5ubuntu2	N/A	cairo: Stack-based buffer overflow via parsing of crafted WebKitGTK+ document
libcairo2	CVE-2019-6461	LOW	affected	1.16.0-5ubuntu2	N/A	cairo: assertion problem in _cairo_arc_in_direction in cairo-arc.c
libcurl3-gnutls	CVE-2024-8096	MEDIUM	affected	7.81.0-1ubuntu1.17	N/A	curl: OCSP stapling bypass with GnuTLS
libdbus-1-3	CVE-2023-34969	LOW	affected	1.12.20-2ubuntu4.1	N/A	dbus: dbus-daemon: assertion failure when a monitor is active and a message from the driver cannot be delivered
libexpat1	CVE-2024-45490	MEDIUM	affected	2.4.7-1ubuntu0.3	N/A	libexpat: Negative Length Parsing Vulnerability in libexpat
libexpat1	CVE-2024-45491	MEDIUM	affected	2.4.7-1ubuntu0.3	N/A	libexpat: Integer Overflow or Wraparound
libexpat1	CVE-2024-45492	MEDIUM	affected	2.4.7-1ubuntu0.3	N/A	libexpat: integer overflow
libgcc-s1	CVE-2022-27943	LOW	affected	12.3.0-1ubuntu1~22.04	N/A	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
libgcrypt20	CVE-2024-2236	MEDIUM	affected	1.9.4-3ubuntu3	N/A	libgcrypt: vulnerable to Marvin Attack
libgif7	CVE-2023-48161	LOW	affected	5.1.9-2ubuntu0.1	N/A	giflib: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function
libgssapi-krb5-2	CVE-2024-26462	MEDIUM	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/kdc/ndr.c
libgssapi-krb5-2	CVE-2024-26458	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
libgssapi-krb5-2	CVE-2024-26461	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
libharfbuzz0b	CVE-2023-25193	LOW	affected	2.7.4-1ubuntu3.1	N/A	harfbuzz: allows attackers to trigger O(n^2) growth via consecutive marks
libk5crypto3	CVE-2024-26462	MEDIUM	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/kdc/ndr.c
libk5crypto3	CVE-2024-26458	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
libk5crypto3	CVE-2024-26461	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
libkrb5-3	CVE-2024-26462	MEDIUM	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/kdc/ndr.c
libkrb5-3	CVE-2024-26458	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
libkrb5-3	CVE-2024-26461	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
libkrb5support0	CVE-2024-26462	MEDIUM	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/kdc/ndr.c
libkrb5support0	CVE-2024-26458	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/rpc/pmap_rmt.c
libkrb5support0	CVE-2024-26461	LOW	affected	1.19.2-2ubuntu0.4	N/A	krb5: Memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c
libncurses6	CVE-2023-45918	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
libncurses6	CVE-2023-50495	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: segmentation fault via _nc_wrap_entry()
libncursesw6	CVE-2023-45918	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
libncursesw6	CVE-2023-50495	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: segmentation fault via _nc_wrap_entry()
libnss-systemd	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
libpam-systemd	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
libpcre3	CVE-2017-11164	LOW	affected	2:8.39-13ubuntu0.22.04.1	N/A	pcre: OP_KETRMAX feature in the match function in pcre_exec.c
libpixman-1-0	CVE-2023-37769	MEDIUM	affected	0.40.0-1ubuntu0.22.04.1	N/A	stress-test master commit e4c878 was discovered to contain a FPE vulne ...
libpng16-16	CVE-2022-3857	LOW	affected	1.6.37-3build5	N/A	libpng: Null pointer dereference leads to segmentation fault
libpython3.10-minimal	CVE-2023-27043	MEDIUM	affected	3.10.12-1~22.04.5	N/A	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
libpython3.10-stdlib	CVE-2023-27043	MEDIUM	affected	3.10.12-1~22.04.5	N/A	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
libssl3	CVE-2024-41996	MEDIUM	affected	3.0.2-0ubuntu1.17	N/A	openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations
libssl3	CVE-2024-6119	MEDIUM	fixed	3.0.2-0ubuntu1.17	3.0.2-0ubuntu1.18	openssl: Possible denial of service in X.509 name checks
libstdc++6	CVE-2022-27943	LOW	affected	12.3.0-1ubuntu1~22.04	N/A	binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const
libsystemd0	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
libtiff5	CVE-2024-6716	LOW	affected	4.3.0-6ubuntu0.10	N/A	null
libtinfo6	CVE-2023-45918	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
libtinfo6	CVE-2023-50495	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: segmentation fault via _nc_wrap_entry()
libudev1	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
libxml-twig-perl	CVE-2016-9180	LOW	affected	1:3.52-1	N/A	perl-XML-Twig: expand_external_ents option fails to work as documented
libzstd1	CVE-2022-4899	LOW	affected	1.4.8+dfsg-3build1	N/A	zstd: mysql: buffer overrun in util.c
login	CVE-2023-29383	LOW	affected	1:4.8.1-2ubuntu2.2	N/A	shadow: Improper input validation in shadow-utils package utility chfn
ncurses-base	CVE-2023-45918	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
ncurses-base	CVE-2023-50495	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: segmentation fault via _nc_wrap_entry()
ncurses-bin	CVE-2023-45918	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: NULL pointer dereference in tgetstr in tinfo/lib_termcap.c
ncurses-bin	CVE-2023-50495	LOW	affected	6.3-2ubuntu0.1	N/A	ncurses: segmentation fault via _nc_wrap_entry()
openssl	CVE-2024-41996	MEDIUM	affected	3.0.2-0ubuntu1.18	N/A	openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations
passwd	CVE-2023-29383	LOW	affected	1:4.8.1-2ubuntu2.2	N/A	shadow: Improper input validation in shadow-utils package utility chfn
python3.10	CVE-2023-27043	MEDIUM	affected	3.10.12-1~22.04.5	N/A	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
python3.10-minimal	CVE-2023-27043	MEDIUM	affected	3.10.12-1~22.04.5	N/A	python: Parsing errors in email/_parseaddr.py lead to incorrect value in email address part of tuple
systemd	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
systemd-sysv	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
systemd-timesyncd	CVE-2023-7008	LOW	affected	249.11-0ubuntu3.12	N/A	systemd-resolved: Unsigned name response in signed zone is not refused when DNSSEC=yes
wget	CVE-2021-31879	MEDIUM	affected	1.21.2-2ubuntu1.1	N/A	wget: authorization header disclosure on redirect
xdg-utils	CVE-2022-4055	LOW	affected	1.1.3-4.1ubuntu3~22.04.1	N/A	xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments