Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Trunk's 'Claim your pod' could be used to obtain un-used pods
Vulnerability Description
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all owners removed from a pod, and that made the pod available for the same claiming system. This was patched server-side in commit 71be5440906b6bdfbc0bcc7f8a9fec33367ea0f4 in September 2023.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:L
Vulnerability Type
将资源暴露给错误范围
Vulnerability Title
CocoaPods 安全漏洞
Vulnerability Description
CocoaPods是CocoaPods开源的一个 Cocoa 依赖关系管理器。 CocoaPods存在安全漏洞,该漏洞源于允许攻击者认领从未被认领的pods或移除所有拥有者后重新认领这些pods。
CVSS Information
N/A
Vulnerability Type
N/A