CVE-2021-41067
HIGH
Listary < 6 - Unauthenticated Arbitrary Code Execution via MITM Update Package Tampering
Title source: llm
Description
An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation of update packages that can cause an installation of malicious content.
References (2)
Core References
Vendor Advisory x_refsource_misc
https://www.listary.com/download
Various Sources x_refsource_misc
https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e
Scores
CVSS v3: 7.5
EPSS: 0.0056
EPSS Percentile: 41.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE: CWE-354
Status: published
Products (1): listary/listary < 6
Published: Dec 14, 2021
Tracked Since: Feb 18, 2026