CVE-2021-41067

Name of the Vulnerable Software and Affected Versions Listary versions prior to 7

Description An issue exists due to the improper implementation of the update process, which uses a /check-update HTTP-based connection to download software updates. This can be exploited using Man-In-The-Middle (MITM) techniques. Additionally, the lack of package validation can lead to the manipulation of update packages, potentially resulting in the installation of malicious content.

Recommendations For versions prior to 7, update to version 7 or later to resolve the issue. As a temporary workaround, consider restricting access to the update process to minimize the risk of exploitation. Avoid using HTTP-based connections for software updates until the issue is resolved.