CVE-2018-10895 log

Severity Critical
Remote Yes
Type Arbitrary code execution
Due to a CSRF vulnerability affecting the qute://settings page, it was possible for websites to modify qutebrowser settings. Via settings like 'editor.command', this possibly allowed websites to execute arbitrary code.
Group Package Affected Fixed Severity Status Ticket
AVG-735 qutebrowser 1.4.0-1 1.4.1-1 Critical Fixed
Date Advisory Group Package Severity Type
11 Jul 2018 ASA-201807-3 AVG-735 qutebrowser Critical arbitrary code execution