CVE-2021-41256

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41256

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41256.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41256

Related

GHSA-2q9v-q3cc-h9f3

Published

2021-11-30T21:15:08.227Z

Modified

2026-04-11T18:45:37.736761Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.

References

Affected packages

Git / github.com/nextcloud/news-android

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/news-android

Events

Introduced

Fixed

f922eccbb66539c481b8c2f6ca6ca796c6e41470

Fixed

05449cb666059af7de2302df9d5c02997a23df85

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.9.63"
        }
    ]
}

Affected versions

0.*

0.4.10

0.5.2

0.9.9.19

0.9.9.19.1

0.9.9.19.2

v.*

v.0.7.4

v.0.7.5

v.0.7.7

v.0.8.4

v.0.8.4.5

v.0.8.8

v.0.9.0

v.0.9.1

v.0.9.3

v.0.9.4

v.0.9.5

v.0.9.5.2

v.0.9.6.1

v.0.9.6.3

v.0.9.7

v.0.9.7.2

v.0.9.7.3

v.0.9.7.4

v.0.9.7.5

v.0.9.7.6

v.0.9.8

v.0.9.8.1

v.0.9.8.2

v.0.9.8.3

v.0.9.8.3.1

v.0.9.8.4

v.0.9.8.5

v.0.9.8.7

v.0.9.9.0

v.0.9.9.1

v.0.9.9.10

v.0.9.9.11

v.0.9.9.11-1

v.0.9.9.12

v.0.9.9.13

v.0.9.9.15

v.0.9.9.16

v.0.9.9.16.1

v.0.9.9.17.1

v.0.9.9.18

v.0.9.9.2

v.0.9.9.20

v.0.9.9.21

v.0.9.9.22

v.0.9.9.23

v.0.9.9.24

v.0.9.9.25

v.0.9.9.26

v.0.9.9.3

v.0.9.9.31

v.0.9.9.32

v.0.9.9.33

v.0.9.9.34

v.0.9.9.35

v.0.9.9.36

v.0.9.9.38

v.0.9.9.4

v.0.9.9.40

v.0.9.9.50

v.0.9.9.6

v.0.9.9.60

v.0.9.9.61

v.0.9.9.62

v.0.9.9.7

v.0.9.9.8

v.0.9.9.9

v.0.9.9.9.1

v0.*

v0.5.4

v0.5.5

v0.5.8

v0.6.1

v0.6.9.5

v0.9.9.35

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2021-41256-086eb739",
        "deprecated": false,
        "digest": {
            "length": 232.0,
            "function_hash": "183887114535149891496406221583401254673"
        },
        "signature_version": "v1",
        "target": {
            "function": "onStart",
            "file": "News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/SettingsActivity.java"
        },
        "source": "https://github.com/nextcloud/news-android/commit/05449cb666059af7de2302df9d5c02997a23df85"
    },
    {
        "signature_type": "Line",
        "id": "CVE-2021-41256-689aa7be",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "141899385168248940446685660758705924838",
                "244800978941046954149367307266398676863",
                "41877304982036598563008459777714313541",
                "223744863353862852000523696365314266473",
                "138996754888375792500225206719808347359"
            ]
        },
        "signature_version": "v1",
        "target": {
            "file": "News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/NewsReaderListActivity.java"
        },
        "source": "https://github.com/nextcloud/news-android/commit/05449cb666059af7de2302df9d5c02997a23df85"
    },
    {
        "signature_type": "Line",
        "id": "CVE-2021-41256-8e024e22",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "328720867049808911310887293039361054237",
                "246127741562763585146183644876302088144",
                "257430442476808139659176132883107624348",
                "107640139098688655158529121404005807354",
                "170700116984773881292723086793174605089",
                "117044961784804718645526061331268291071",
                "39289828861905501262119063348073410471",
                "215370200594388182429856189135917507316",
                "174792718961590291071637339996378945656",
                "118603621017998757521845547991632654432",
                "85947836952222263266391953995227713637",
                "257175738044056229855623847545481850020",
                "120051494547413059793071454612840193226",
                "262385101131883859647873674044083162894",
                "89403782932651429855727681373668143383",
                "227860104627328427109797985642790337331"
            ]
        },
        "signature_version": "v1",
        "target": {
            "file": "News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/SettingsActivity.java"
        },
        "source": "https://github.com/nextcloud/news-android/commit/05449cb666059af7de2302df9d5c02997a23df85"
    },
    {
        "signature_type": "Function",
        "id": "CVE-2021-41256-d0ebe808",
        "deprecated": false,
        "digest": {
            "length": 388.0,
            "function_hash": "132466537335342017437744983732951521615"
        },
        "signature_version": "v1",
        "target": {
            "function": "ensureCorrectTheme",
            "file": "News-Android-App/src/main/java/de/luhmer/owncloudnewsreader/NewsReaderListActivity.java"
        },
        "source": "https://github.com/nextcloud/news-android/commit/05449cb666059af7de2302df9d5c02997a23df85"
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41256.json"

vanir_signatures_modified

"2026-04-11T18:45:37Z"