PYSEC-2018-95

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/osxcollector/PYSEC-2018-95.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2018-95

Aliases

Published

2018-06-13T22:29:00Z

Modified

2024-04-22T23:12:31.630838Z

Summary

[none]

Details

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.

References

https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/

Affected packages

PyPI / osxcollector

Package

Name: osxcollector; View open source insights on deps.dev
Purl: pkg:pypi/osxcollector

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.10

Affected versions

1.*

1.7

1.8