PT-2024-5205 · Cocoapods · Cocoapods

🗓️ 01 Jul 2024 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 3 Views

CocoaPods vulnerability exploited email validation flaw; fixed in September 2023 with user-session reset.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2024-38366	2 Jul 202416:00	–	circl
CNNVD	CocoaPods Security Vulnerability	1 Jul 202400:00	–	cnnvd
CVE	CVE-2024-38366	1 Jul 202420:42	–	cve
Cvelist	CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822	1 Jul 202420:42	–	cvelist
NVD	CVE-2024-38366	1 Jul 202421:15	–	nvd
OSV	CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822	1 Jul 202420:42	–	osv
The Hacker News	Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks	1 Jul 202416:12	–	thn
Vulnrichment	CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822	1 Jul 202420:42	–	vulnrichment

Source	Link
github	www.github.com/ReeFSpeK/CocoaPods-RCE_CVE-2024-38366
evasec	www.evasec.webflow.io/blog/eva-discovered-supply-chain-vulnerabities-in-cocoapods
blog	www.blog.cocoapods.org/CocoaPods-Trunk-RCEs-2023
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-38366
bdu	www.bdu.fstec.ru/vul/2024-05762
github	www.github.com/CocoaPods/CocoaPods/security/advisories/GHSA-x2x4-g675-qg7c
t	www.t.me/true_secator/5924
twitter	www.twitter.com/cedwhitedragon/status/1910149748767490305
xakep	www.xakep.ru/2024/07/03/cocoapods-problems
t	www.t.me/echeloneyes/2908

10 Apr 2025 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.110

EPSS0.58458

SSVC

cocoapods vulnerability email validation flaw authentication server root access security patch