Home > Vulnerability Database > CVE-2024-22405

Mend.io Vulnerability Database

CVE-2024-22405

Date: April 30, 2024

XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.

Language: Objective-C

Severity Score

5.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22405

Url: https://github.com/MacPaw/XADMaster/commit/b75c05bc3bca9e183ecd3c512e270ce93006da3c

Url: https://github.com/MacPaw/XADMaster/security/advisories/GHSA-xg3c-r7w5-7xw2

Url: https://www.mend.io/vulnerability-database/CVE-2024-22405

Severity Score

5.5

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22405

Date: April 30, 2024

Language: Objective-C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?