CVE-2017-17515 — etc/ObjectList in Metview 4.7.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection a — CVE Database · The Intelligence Room