CVE-2021-43171

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-43171

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43171.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-43171

Published

2023-08-22T19:16:21.760Z

Modified

2025-11-14T12:33:41.150050Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.

References

Affected packages

Git / gitlab.e.foundation/e/os/releases

Affected ranges

Type: GIT
Repo: https://gitlab.e.foundation/e/os/releases
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

cea51ef3fe3c6abee14d0668f463fdc32f50f1e6

Affected versions

v0.*

v0.12-q

v0.12.1-q

v0.13-q

v0.14-q

v0.14.1-q

v0.14.2-q

v0.15-q

v0.17-q

v0.17.1-q

v0.18-q

v0.18-r

v0.18.1-q

v0.18.1-r

v0.9-pie

v0.9.0-pie

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-43171.json"