Ubuntu Security Notice 4721-1 - Simon McVittieg discovered that flatpak-portal service allowed sandboxed applications to execute arbitrary code on the host system. A malicious user could create a Flatpak application that set environment variables, trusted by the Flatpak "run" command, and use it to execute arbitrary code outside the sandbox.
8fdb1b95064080911e8061c372c4f26b
Red Hat Security Advisory 2021-0411-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
3f9a486913db94bb805224707703dfcc
Red Hat Security Advisory 2021-0307-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
857ba634ee43a300313a02074d82881e
Red Hat Security Advisory 2021-0306-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
640ccfdd86d0449485ff80f9bf3726bd
Red Hat Security Advisory 2021-0304-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
37c9ebeb7ce7e1d664df547999485d4b
Gentoo Linux Security Advisory 202101-21 - A vulnerability was discovered in Flatpak which could allow a remote attacker to execute arbitrary code. Versions less than 1.10.0 are affected.
35be11b975ae4a3d5f625c07cd1912c7