Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking
Vulnerability Description
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of the CocoaPods trunk account. The threat actor could manipulate their pod specifications, disrupt the distribution of legitimate libraries, or cause widespread disruption within the CocoaPods ecosystem. This was patched server-side with commit d4fa66f49cedab449af9a56a21ab40697b9f7b97 in October 2023.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:H
Vulnerability Type
对错误会话暴露数据元素
Vulnerability Title
CocoaPods 安全漏洞
Vulnerability Description
CocoaPods是CocoaPods开源的一个 Cocoa 依赖关系管理器。 CocoaPods存在安全漏洞,该漏洞源于存在会话劫持,导致攻击者可以破坏合法库的分发。
CVSS Information
N/A
Vulnerability Type
N/A