### [CVE-2021-41256](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41256)
![](https://img.shields.io/static/v1?label=Product&message=news-android&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%200.9.9.63%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-829%3A%20Inclusion%20of%20Functionality%20from%20Untrusted%20Control%20Sphere&color=brightgreen)

### Description

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.

### POC

#### Reference
- https://github.com/nextcloud/news-android/blob/master/security/GHSL-2021-1033_Nextcloud_News_for_Android.md

#### Github
No PoCs found on GitHub currently.