Browse all 3 CVE security advisories affecting CocoaPods. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CocoaPods serves as the primary dependency manager for iOS and macOS projects, enabling developers to integrate third-party libraries and frameworks into their applications. Historically, it has been susceptible to remote code execution vulnerabilities through malicious package repositories, cross-site scripting flaws in web interfaces, and privilege escalation risks during installation processes. The project maintains a moderate security posture with three recorded CVEs, including a critical RCE flaw in 2018 related to path traversal during dependency resolution. While no major security incidents have been widely documented, the potential for supply chain attacks remains a concern given its central role in the Apple development ecosystem.
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-38368 | Trunk's 'Claim your pod' could be used to obtain un-used pods | CWE-668 | 9.3 | Critical | 2024-07-01 |
| CVE-2024-38367 | CocoaPods trunk sessions verification step could be manipulated for owner session hijacking | CWE-488 | 8.2 | High | 2024-07-01 |
| CVE-2024-38366 | CocoaPods trunk RCE in email verification system rfc-822 | CWE-74 | 10.0 | Critical | 2024-07-01 |
This page lists every published CVE security advisory associated with CocoaPods. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.