CRITICAL🇵🇱 Wersja polska

CVE-2023-27574

CVSS 9.8v3.1pub. 2023-03-03upd. 2025-03-06

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Shadowsocks Shadowsocksx Ng

    APP
    Shadowsocks
    1.10.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2019-5152HIGH7.4ten sam vendor

An exploitable information disclosure vulnerability exists in the network packet handling functionality of Sha...

CVE-2019-5163HIGH7.5ten sam vendor

An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of Shadowsocks-libev 3.3.2...

CVE-2019-5164HIGH7.8ten sam vendor

An exploitable code execution vulnerability exists in the ss-manager binary of Shadowsocks-libev 3.3.2. Specia...

CVE-2017-15924HIGH7.8ten sam vendor

In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell met...