{"id":"CVE-2021-43171","details":"Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response.","modified":"2026-04-10T04:40:54.529961Z","published":"2023-08-22T19:16:21.760Z","references":[{"type":"ADVISORY","url":"https://gitlab.e.foundation/e/os/releases/-/releases/v0.19-q#sparkles-we-embedded-other-improvements"},{"type":"ADVISORY","url":"https://nervuri.net/e/apps"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.e.foundation/e/os/releases","events":[{"introduced":"0"},{"fixed":"cea51ef3fe3c6abee14d0668f463fdc32f50f1e6"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.19q"}]}}],"versions":["v0.18-q","v0.18-r","v0.18.1-q","v0.18.1-r","v0.9-pie","v0.9.0-pie"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43171.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}