{"id":"CLSA-2026-1777541348","summary":"flatpak: Fix of CVE-2021-43860","details":"- CVE-2021-43860: hidden permissions via null byte in metadata file","modified":"2026-05-27T11:18:24.783167085Z","published":"2026-05-02T01:08:30Z","upstream":["CVE-2021-43860"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/els_os/centos7els/CLSA-2026-1777541348.html"}],"affected":[{"package":{"name":"flatpak","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/flatpak?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.9-13.el7_9.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777541348.json"}},{"package":{"name":"flatpak-builder","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/flatpak-builder?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.0-13.el7_9.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777541348.json"}},{"package":{"name":"flatpak-devel","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/flatpak-devel?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.9-13.el7_9.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777541348.json"}},{"package":{"name":"flatpak-libs","ecosystem":"TuxCare:CentOS:7","purl":"pkg:rpm/tuxcare/flatpak-libs?distro=centos-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.9-13.el7_9.tuxcare.els2"}]}],"database_specific":{"source":"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777541348.json"}}],"schema_version":"1.7.5"}