CyberSec.Space Logo
Back to CVE Browser

CVE-2021-40531

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile27.24th
PublishedSep 6, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.

Affected Platforms (CPE)

πŸ“¦
Sketch

Sketch

< 75

References & Advisories

πŸ”— https://jonpalmisc.com/2021/11/22/cve-2021-40531
πŸ”— https://www.sketch.com/updates/#version-75
πŸ”— https://jonpalmisc.com/2021/11/22/cve-2021-40531
πŸ”— https://www.sketch.com/updates/#version-75

Related Vulnerabilities

CVE-2002-204710.0

The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metach...

CVE-2026-323119.8

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. ...

CVE-2014-69395.4

The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 cert...

CVE-2021-3384110.0

SGE-PLC1000 device, in its 0.9.2b firmware version, does not handle some requests correctly, allowing a remote attacker to inject ...