Flatpak Security Vulnerabilities and Issues — Flatpak CVE List

Lucene search

FlatpakFlatpak

7 matches found

CVE•added 2021/01/14 8:15 p.m.•283 views

CVE-2021-21261

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. A bug was discovered in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). This sandbox-escape bug is present in versio...

8.8CVSS8.3AI score0.00048EPSS

CVE•added 2021/10/08 2:15 p.m.•239 views

CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into...

8.8CVSS7AI score0.00061EPSS

CVE•added 2019/02/12 11:29 p.m.•173 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the apply_extra script sandbox, which allows attackers to modify a host-side executable file.

8.2CVSS7.8AI score0.00068EPSS

CVE•added 2022/01/12 10:15 p.m.•165 views

CVE-2021-43860

Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.12.3 and 1.10.6, Flatpak doesn't properly validate that the permissions displayed to the user for an app at install time match the actual permissions granted to the app at runtime, in the case that there's a n...

8.6CVSS8.1AI score0.00176EPSS

CVE•added 2021/03/11 5:15 p.m.•160 views

CVE-2021-21381

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an attacker to gain access to files that would not ordinarily be a...

8.2CVSS7.3AI score0.00118EPSS

CVE•added 2024/04/18 6:15 p.m.•85 views

CVE-2024-32462

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. in versions before 1.10.9, 1.12.9, 1.14.6, and 1.15.8, a malicious or compromised Flatpak app could execute arbitrary code outside its sandbox. Normally, the --command argument of flatpak run expect...

8.4CVSS7.3AI score0.00063EPSS

CVE•added 2018/02/02 2:29 p.m.•75 views

CVE-2018-6560

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

8.8CVSS8.4AI score0.00094EPSS