CVE-2021-41067

An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
Configurations

Configuration 1 (hide)

cpe:2.3:a:listary:listary:*:*:*:*:*:*:*:*

History

07 Nov 2023, 03:38

Type Values Removed Values Added
References
  • {'url': 'https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e', 'name': 'https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e', 'tags': ['Exploit', 'Third Party Advisory'], 'refsource': 'MISC'}
  • () https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e -

Information

Published : 2021-12-14 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-41067

Mitre link : CVE-2021-41067

CVE.ORG link : CVE-2021-41067


JSON object : View

Products Affected

listary

  • listary
CWE
CWE-354

Improper Validation of Integrity Check Value