An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
References
Configurations
History
21 Nov 2024, 06:25
Type | Values Removed | Values Added |
---|---|---|
References | () https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e - | |
References | () https://www.listary.com/download - Vendor Advisory |
07 Nov 2023, 03:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-12-14 16:15
Updated : 2024-11-21 06:25
NVD link : CVE-2021-41067
Mitre link : CVE-2021-41067
CVE.ORG link : CVE-2021-41067
JSON object : View
Products Affected
listary
- listary
CWE
CWE-354
Improper Validation of Integrity Check Value