65 matches found

vulnersOsv
added 2026/03/11 10:40 p.m., 5 views

@snyk/snyk-cocoapods-plugin (=2.6.0), snyk-docker-plugin (>=8.0.0 <=8.4.0) potentially affected by CVE-2026-32094 via shescape (=2.1.0)

shescape NPM version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on shescape and may be impacted:
- @snyk/snyk-cocoapods-plugin =2.6.0
- snyk-docker-plugin =8.0.0, =8.4.0
Source cves: CVE-2026-32094
Source advisory: SNYK:JS-SHESCAPE-15467452...

CVSS 6.9, AI score 5.8, EPSS 0.00214
Exploits: 1
Packet Storm News
added 2026/01/28 12:00 a.m., 2 views

Supply Chain Insecurity: Exposing Vulnerabilities in iOS Dependency Management Systems

Dependency management systems are a critical component in software development, enabling projects to incorporate existing functionality efficiently. However, misconfigurations and malicious actors in these systems pose severe security risks, leading to supply chain attacks. Despite the widespread...

AI score 6.5
Exploits: 0
OSSF Malicious Packages
added 2025/12/23 8:40 a.m., 8 views

Malicious code in cocoapod (RubyGems)

AI score 7
Exploits: 0
OSV
added 2025/12/23 8:40 a.m., 3 views

MAL-2025-192904 Malicious code in cocoapod (RubyGems)

AI score 6.8
Exploits: 0
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-37281

Malicious code in bioql PyPI...

CVSS 9.6, AI score 6.8, EPSS 0.11042
Exploits: 1, References: 4
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-37282

Malicious code in bioql PyPI...

CVSS 9.3, AI score 6.8, EPSS 0.14734
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-1661

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.1, EPSS 0.02691
Exploits: 0, References: 8
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2022-1732

Malicious code in bioql PyPI...

CVSS 9.8, AI score 8.6, EPSS 0.01781
Exploits: 0, References: 5
OSSF Malicious Packages
added 2025/02/25 7:15 p.m., 5 views

Malicious code in luno-cocoapods (RubyGems)

Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493
The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 rubygems as malicious. It is considered malicious because:
- The packag...

AI score 7.2
Exploits: 0
OSV
added 2025/02/25 7:15 p.m., 5 views

MAL-2025-1555 Malicious code in luno-cocoapods (RubyGems)

Source: ossf-package-analysis 9bb59e6b577e1a28cf71bf254ef70a0641db3319c1985827f792edb51ea14493
The OpenSSF Package Analysis project identified 'luno-cocoapods' @ 2.8.0 rubygems as malicious. It is considered malicious because:
- The packag...

AI score 7.4
Exploits: 0
BDU FSTEC
added 2024/07/29 12:00 a.m., 5 views

The vulnerability of dependency managers for Swift and Objective-C CocoaPods, related to the provision of data elements during an erroneous session, allows a perpetrator to intercept the owner’s session and take control of another person’s CocoaPods trunk account.

The vulnerability of the dependency manager for Swift and Objective-C CocoaPods relates to the provision of data elements during an erroneous session. Exploiting this vulnerability can allow a remote attacker to intercept the user’s session and take control of their CocoaPods trunk account...

CVSS 8.2, AI score 5.9, EPSS 0.11042
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2024/07/29 12:00 a.m., 3 views

The vulnerability of the dependency manager for Swift and Objective-C CocoaPods exists due to the lack of measures taken to neutralize special elements, allowing attackers to execute arbitrary code.

The vulnerability of dependency managers for Swift and Objective-C CocoaPods exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 6.2, EPSS 0.17648
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2024/07/01 9:15 p.m., 26 views

CVE-2024-38367

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim’s session will result in a full takeover of...

CVSS 9.6, EPSS 0.11042
Exploits: 1, References: 4
NVD
added 2024/07/01 9:15 p.m., 32 views

CVE-2024-38366

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used an rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via a DNS MX...

CVSS 10, EPSS 0.17648
Exploits: 1, References: 3
Vulnrichment
added 2024/07/01 9:05 p.m., 20 views

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVSS 9.3, AI score 7.3, EPSS 0.14734
Exploits: 0, References: 5
Cvelist
added 2024/07/01 9:05 p.m., 29 views

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVSS 9.3, EPSS 0.14734
Exploits: 0, References: 5
CVE
added 2024/07/01 9:05 p.m., 79 views

CVE-2024-38368

CVE-2024-38368 concerns CocoaPods trunk authentication server vulnerability where unclaimed pods could be claimed or where all owners could be removed, enabling takeover of pods migrated from the pre-2014 workflow to trunk. The issue stems from how ownership was managed on CocoaPods’ trunk server...

CVSS 9.3, AI score 9.4, EPSS 0.14734
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2024/07/01 9:05 p.m., 21 views

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

CVSS 9.3, AI score 7.3, EPSS 0.14734
Exploits: 0, References: 7
OSV
added 2024/07/01 8:48 p.m., 17 views

CVE-2024-38367 CocoaPods trunk sessions verification step could be manipulated for owner session hijacking

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking. Compromising a victim’s session will result in a full takeover of...

CVSS 8.2, AI score 7.3, EPSS 0.11042
Exploits: 1, References: 6
CVE
added 2024/07/01 8:42 p.m., 95 views

CVE-2024-38366

CVE-2024-38366 affects CocoaPods Trunk Server (trunk.cocoapods.org). The flaw stems from the email signup MX verification using an RFC-822 library which executes the host command to validate MX records, enabling remote code execution on the Trunk server. The underlying risk is that an attacker co...

CVSS 10, AI score 9.7, EPSS 0.17648
Exploits: 1, References: 3, Affected Software: 1