CyberSec.Space Logo
返回 CVE 浏览器

CVE-2021-40531

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile27.24th
Published2021年9月6日
Last Modified2024年11月21日

Vulnerability Description

Sketch before 75 allows library feeds to be used to bypass file quarantine. Files are automatically downloaded and opened, without the com.apple.quarantine extended attribute. This results in remote code execution, as demonstrated by CommandString in a terminal profile to Terminal.app.

Affected Platforms (CPE)

📦
Sketch

Sketch

< 75

References & Advisories

🔗 https://jonpalmisc.com/2021/11/22/cve-2021-40531
🔗 https://www.sketch.com/updates/#version-75
🔗 https://jonpalmisc.com/2021/11/22/cve-2021-40531
🔗 https://www.sketch.com/updates/#version-75

相关漏洞威胁

CVE-2002-204710.0

The file preview functionality in Sketch 0.6.12 and earlier allows remote attackers to execute arbitrary commands via shell metach...

CVE-2026-323119.8

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. ...

CVE-2014-69395.4

The Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application 5.0.0 for Android does not verify X.509 cert...

CVE-2021-3467910.0

Thycotic Password Reset Server before 5.3.0 allows credential disclosure.