Lucene search
GoogleOSV:CVE-2021-43863HistoryJan 25, 2022 - 4:15 p.m.
CVE-2021-43863
2022-01-2516:15:08
Google
osv.dev
7
nextcloud android app
security patch
sql injection
insufficient permission control
upgrade
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud’s data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading.
Related
prion
prion
Sql injection
2022-01-25 16:15:00
nvd
nvd
CVE-2021-43863
2022-01-25 16:15:08
cnvd
cnvd
Nextcloud Android app SQL injection vulnerability (CNVD-2022-18415)
2022-01-27 00:00:00
cve
cve
CVE-2021-43863
2022-01-25 16:15:08
cvelist
cvelist
CVE-2021-43863 SQL Injection in FileContentProvider (GHSL-2021-1007)
2022-01-25 15:25:11