CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-40531.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

21 lines
899 B
Markdown
Raw Permalink Blame History

### [CVE-2021-40531](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40531)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)
### Description
Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.
### POC
#### Reference
- https://jonpalmisc.com/2021/11/22/cve-2021-40531
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/jonpalmisc/CVE-2021-40531
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/soosmile/POC
Reference in New Issue View Git Blame Copy Permalink