VDB
GCVE-VVD-MAGEIA-2021-143
GCVE-VVD-MAGEIA-2021-143
Advisory Published
Sandbox escape where a malicious application can execute code outside the
sandbox by controlling the environment of the "flatpak run" command when
spawning a sub-sandbox (CVE-2021-21261).
A potential attack where a flatpak application could use custom formatted
.desktop files to gain access to files on the host system (CVE-2021-21381).
The update also removes the unnecessary flatpak-tests subpackage.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | emacs | 0 (affected), 27.1-1.1.mga8 (unaffected) | — |
| Mageia | libglib-testing | 0 (affected), 0.1.0-2.mga7 (unaffected), 0 (affected), 0.1.0-2.mga7 (unaffected) | — |
| Mageia | appstream-glib | 0 (affected), 0.7.15-1.mga7 (unaffected), 0 (affected), 0.7.15-1.mga7 (unaffected) | — |
| Mageia | malcontent | 0 (affected), 0.9.0-2.mga7 (unaffected), 0 (affected), 0.9.0-2.mga7 (unaffected) | — |
| Mageia | bubblewrap | 0 (affected), 0.4.1-1.mga7 (unaffected), 0 (affected), 0.4.1-1.mga7 (unaffected) | — |
| Mageia | ostree | 0 (affected), 2020.8-1.mga7 (unaffected), 0 (affected), 2020.8-1.mga7 (unaffected) | — |
| Mageia | flatpak | 0 (affected), 1.10.2-1.mga7 (unaffected), 0 (affected), 1.10.2-1.mga7 (unaffected) | — |
| Mageia | gnome-software | 0 (affected), 3.32.2-2.1.mga7 (unaffected), 0 (affected), 3.32.2-2.1.mga7 (unaffected) | — |
References
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.