Cocoapods

Trunk.Cocoapods.Org

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.6

CVE-2024-38367

Exploit
  • EPSS 4.99%
  • Veröffentlicht 01.07.2024 21:15:04
  • Zuletzt bearbeitet 21.11.2024 09:25:28

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a vic...

9.3

CVE-2024-38368

  • EPSS 1.93%
  • Veröffentlicht 01.07.2024 21:15:04
  • Zuletzt bearbeitet 21.11.2024 09:25:28

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible...

10

CVE-2024-38366

Exploit
  • EPSS 58.46%
  • Veröffentlicht 01.07.2024 21:15:03
  • Zuletzt bearbeitet 21.11.2024 09:25:28

trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email dom...