Control: retitle -1 CVE-2021-21381: flatpak: sandbox escape via special tokens in .desktop file (flatpak#4146)
On Tue, 09 Mar 2021 at 10:11:09 +0000, Simon McVittie wrote: > flatpak since 0.9.4 has a bug in the "file forwarding" feature, which can > be used by an attacker to gain access to files that would not ordinarily > be allowed by the app's permissions. ... > There is no CVE ID available for this yet, so I'm tracking it using the > upstream issue reference flatpak#4146. GitHub has issued CVE-2021-21381. (Full set of identifiers: CVE-2021-21381, flatpak#4146, Debian bug #984859 and GHSA-xgh4-387p-hqpp are all the same thing.) smcv