VYPR
High severity8.8OSV Advisory· Published Feb 2, 2018· Updated Jun 17, 2026

CVE-2018-6560

CVE-2018-6560

Description

In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and 0.10.x before 0.10.3, crafted D-Bus messages to the host can be used to break out of the sandbox, because whitespace handling in the proxy is not identical to whitespace handling in the daemon.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Flatpak/FlatpakOSV2 versions
    0.1, 0.10.0, 0.10.1, …+ 1 more
    • (no CPE)range: 0.1, 0.10.0, 0.10.1, …
    • (no CPE)range: <0.8.9, >=0.9.0 <0.10.3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.