CVE-2024-11681
- Source
- https://cve.org/CVERecord?id=CVE-2024-11681
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11681.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-11681
- Aliases
-
- GHSA-2j38-pjh8-wfxw
- Published
- 2025-01-07T15:15:09.207Z
- Modified
- 2026-01-09T19:26:17.209879Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
- Summary
- [none]
- Details
-
A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror.
- References
Affected packages
Git / github.com/macports/macports-base
Affected ranges
- Type
- GIT
- Repo
- https://github.com/macports/macports-base
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
DPORTS-BASE_0_5
PRE_DESTROOT_TARGET
PortImages-merge
jberry-before-preview13-merge
jberry-dropprivs-bp
jberry-preview13-base
jkh-destrootification-base
kevin-target-api-base
post-landon-trace
pre-chain-remove
pre-landon-trace
pre-wbb4-images
rshaw-archivemode-base
ssen-platform-1-base
ssen-platform-2-base
wbb4-versionfoobage-1-base
v1.*
v1.2-bp
v1.3-bp
v1.7.0-beta1
v1.8.0-beta1
v1.9.0-beta1
v2.*
v2.0.0-beta1
v2.10.0
v2.10.0-beta1
v2.10.0-beta2
v2.10.0-rc1
v2.10.1
v2.10.2
v2.10.3
v2.10.4
v2.4.0-beta1
v2.5.0-beta1
v2.6.0-beta1
v2.8.0-beta1
v2.9.0-beta1