64 matches found
CVE-2026-31960
CVE-2026-31960 concerns Quill, which before 0.7.1 had an unbounded read of HTTP response bodies during the Apple notarization flow. The vulnerability can allow an attacker who can modify or forge API responses (e.g., via TLS-intercepting proxies or trust boundary violations) to feed an arbitraril...
CVE-2026-31960
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...
CVE-2026-31960 DoS in Quill via unbounded read of HTTP response body during notarization
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not...
CVE-2026-31959 SSRF in Quill via unvalidated URL from Apple notarization log retrieval
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...
CVE-2026-31959
Quill provides simple mac binary signing and notarization from any platform. Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple'...
CVE-2026-31959
CVE-2026-31959 (Quill): Quill before v0.7.1 is vulnerable to SSRF in the notarization logs retrieval flow. The client fetches a URL provided by the Apple notarization service and currently does not validate that the URL uses https or that the host is safe (not local or multicast). An attacker wh...
Quill has DoS via unbounded read of HTTP response body during notarization
Impact: Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...
GHSA-G32C-4PVP-769G Quill has DoS via unbounded read of HTTP response body during notarization
Impact: Quill before version v0.7.1 has unbounded reads of HTTP response bodies during the Apple notarization process. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network conditions due to HTTPS with proper TLS...
EUVD-2026-11327
Quill has DoS via unbounded read of HTTP response body during notarization...
GHSA-7Q3Q-5PX6-4C5P Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval
Impact: Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...
Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval
Impact: Quill before version v0.7.1 contains a Server-Side Request Forgery (SSRF) vulnerability when attempting to fetch the Apple notarization submission logs. Exploitation requires the ability to modify API responses from Apple's notarization service, which is not possible under standard network...
EUVD-2026-11325
Quill vulnerable to SSRF via unvalidated URL from Apple notarization log retrieval...
PT-2026-24692
Name of the Vulnerable Software and Affected Versions: Quill versions prior to 0.7.1. Description: Quill, a tool for Mac binary signing and notarization, has an issue where it can allocate an excessive amount of memory when processing Mach-O binaries. This occurs because the software doesn't properl...
PT-2026-24691
Name of the Vulnerable Software and Affected Versions: Quill versions prior to 0.7.1. Description: Quill, a tool for mac binary signing and notarization, is susceptible to a denial-of-service condition. The issue stems from unbounded reads of HTTP response bodies during the Apple notarization proces...
PT-2026-24806
Name of the Vulnerable Software and Affected Versions: Quill versions prior to 0.7.1. Description: Quill, a tool for macOS binary signing and notarization, contains a Server-Side Request Forgery (SSRF) issue when retrieving Apple notarization submission logs. Exploitation requires the ability to modif...
New MacSync Stealer Disguised as Trusted Mac App Hunts Saved Passwords
Jamf security experts have found a new version of MacSync Stealer. Disguised as a zk-call app, it uses official notarization to bypass security and steal your saved passwords...
mx-chain-go does not treat invalid transaction with wrong username correctly
Impact: Metachain cannot process a cross-shard miniblock. An invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurre...